Mitigating IoT-Based DDoS

Current Status

This project is currently seeking technology vendors to participate in the development of an example solution. Please see our Federal Register notice for more information. After reviewing the notice, if you as a technology provider are interested in providing products and technical expertise as a collaborator on the reference design for this project, please send an email to requesting a Letter of Interest template.

Download the Mitigating IoT-Based DDoS project description for more information on the project.


The Internet of Things (IoT) is experiencing what some might describe as “hyper growth.” According to IoT Analytics, there will be 18 to 50 billion connected devices by 2020, compared with 6 to 14 billion connected devices in 2014. Those numbers are in line with Gartner’s research that suggest there will be 20.5 billion connected devices by 2020, up from 8.4 billion in 2017.

As connected devices become more commonplace in homes and businesses, security and privacy concerns are increasing. In the past, security has not been a priority for IoT providers; most device components are insecure, and many current IoT components are prohibitively difficult to secure due to processing, timing, memory, and power constraints. Despite these potential barriers to security, the consequences of not addressing security and privacy concerns of connected devices can be catastrophic. As seen with recent distributed denial-of-service (DDoS) attacks that leveraged IoT devices, entities that depend on internet services can be crippled. For businesses, this can mean a substantial loss in revenue and impact a company’s brand and customer trust. For consumers, whose connected devices are used in such attacks, there may be impacts to privacy and other consumer information.

To address these security and privacy concerns, the NCCoE is initiating a project to demonstrate reducing the vulnerability of systems to automated distributed threats based on exploitation of IoT components. The project will focus on consumer and small business environments. Components being sought for inclusion in the project include but are not limited to:

  • network gateways/routers supporting wired and wireless network access
  • Manufacturer Usage Description (MUD) Specification controllers and file servers
  • Dynamic Host Configuration Protocol (DHCP) and update servers
  • threat signaling servers
  • personal computing devices
  • business computing devices

The NCCoE aims to improve the resiliency of IoT devices against distributed attacks and improve the service availability characteristics of the internet by mitigating the propagation of attacks across the network. This project also supports the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (EO 13800). NCCoE cybersecurity experts will collaborate with stakeholders and vendors of cybersecurity technologies to develop a reference design addressing this challenge. This project will produce a NIST Cybersecurity Practice Guide—a freely available description of the solution and practical steps needed to help consumers and small businesses mitigate IoT-based automated distributed threats that take advantage of consumers’ and businesses’ devices and networks.