Mitigating IoT-Based DDoS

Current Status

After receiving industry feedback on its draft project description, the National Cybersecurity Center of Excellence (NCCoE) is excited to share the release of its finalized project description, Mitigating IoT-Based DDoS.

If you have questions or are interested in joining our Community of Interest, please email the project team at


The Internet of Things (IoT) is experiencing what some might describe as “hyper growth.” According to IoT Analytics, there will be 18 to 50 billion connected devices by 2020, compared with 6 to 14 billion connected devices in 2014. Those numbers are in line with Gartner’s research that suggest there will be 20.5 billion connected devices by 2020, up from 8.4 billion in 2017.

As connected devices become more commonplace in homes and businesses, security and privacy concerns are increasing. In the past, security has not been a priority for IoT providers; most device components are insecure, and many current IoT components are prohibitively difficult to secure due to processing, timing, memory, and power constraints. Despite these potential barriers to security, the consequences of not addressing security and privacy concerns of connected devices can be catastrophic. As seen with recent distributed denial-of-service (DDoS) attacks that leveraged IoT devices, entities that depend on internet services can be crippled. For businesses, this can mean a substantial loss in revenue and impact a company’s brand and customer trust. For consumers, whose connected devices are used in such attacks, there may be impacts to privacy and other consumer information.

To address these security and privacy concerns, the NCCoE is initiating a project to demonstrate reducing the vulnerability of systems to automated distributed threats based on exploitation of IoT components. The project will focus on consumer and small business environments. Components being sought for inclusion in the project include but are not limited to:

  • network gateways/routers supporting wired and wireless network access
  • Manufacturer Usage Description (MUD) Specification controllers and file servers
  • Dynamic Host Configuration Protocol (DHCP) and update servers
  • threat signaling servers
  • personal computing devices
  • business computing devices

The NCCoE aims to improve the resiliency of IoT devices against distributed attacks and improve the service availability characteristics of the internet by mitigating the propagation of attacks across the network. This project also supports the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (EO 13800). NCCoE cybersecurity experts will collaborate with stakeholders and vendors of cybersecurity technologies to develop a reference design addressing this challenge. This project will produce a NIST Cybersecurity Practice Guide—a freely available description of the solution and practical steps needed to help consumers and small businesses mitigate IoT-based automated distributed threats that take advantage of consumers’ and businesses’ devices and networks.

Join Our Community of Interest

Interested in joining the Mitigating IoT-Based DDoS Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.

News and Events