Wednesday, April 24, 2013

Metrics for the war on Military Sexual Trauma

Let's choose Military Sexual Trauma metrics with care:
Words matter, and numbers are the language of logic.

Image attribution:, promotional photo for Invisible War

"Military sexual trauma [MST], which encompasses everything from sexual harassment to rape, is now the leading cause of post-traumatic stress disorder among women in the U.S. Military. Female Soldiers today are 180 times more likely to be sexually assaulted by a fellow Soldier than killed by an enemy."

The Military’s Sexual Assault Epidemic, 30 March 2013, The Week, emphasis added.

I want to help solve the military's sexual assault epidemic. The first half of the epigraph above has captured my attention and harnessed my passion as a decision analyst serving the military community. That said, there is something deeply concerning to me about the metric cited in the second half of the quote above, namely, that a woman in uniform is 180 times more likely to suffer military sexual trauma (MST) than to be killed by the enemy. 

But the metric is concerning for an unexpected reason: it's harmful to the cause! To say that a woman in uniform is 180 times more likely to be sexually assaulted by a fellow Soldier than killed by an enemy certainly catches one's attention in dramatic fashion. I'll grant that. Contrasting MST to combat death may be intended to communicate the severity of the MST epidemic, but it is a flawed comparison which sets wrong expectations, uses wrong standards, and addresses the wrong population. The ratio is seriously harmful to the victims of MST and the military's efforts to deal with the problem of MST. 

Bad metrics backfire. Let me first explain what is wrong with this metric, and then propose an alternative.

First of all, we have a problem with expectations. The bar has been set at 180, and we expect the ratio to get smaller as the situation improves. However, the ratio of MST to combat deaths is only going to get higher.  We have not seen the end of trauma-induced rage, abuse of power, and other combat-related issues contributing to the rise in sexual violence within the military. The causes of the spike in sexual violence will not stop producing their ill-effects overnight. As the wars draw down, combat deaths will decrease, which alone will cause the ratio to climb. Yet over the same time, the numbers of people acting out in sexually violent ways will likely increase. And hopefully, the reporting of these incidents will increase as well.  So the denominator will drop off to zero while the numerator may well spike. 

What will media sources such as The Week have to say when the ratio goes from 180 to 200? 300?
  • Will they condemn the Army's SHARP program?
  • Will they pillory the DoD's SAPRO again, as they rightfully did in the movie, the Invisible War?
  • Will they declare leaders from the SecDef on down inept or morally corrupt?
  • Will concerned citizens press their lawmakers to rewrite the UCMJ to remove certain authorities from all Commanders, instead of prosecuting any Commander who abuses his authority?

All of these reactions would be horrible outcomes for victims, undermining solid efforts to address the MST problem, and leading to further erosion of order and discipline in the ranks. We must replace this 180 metric with one which sets proper expectations. 

  • We want combat deaths to decline. 
  • We want 100% of MST incidents to be reported. We have reason to believe the majority of incidents are not reported, so even if the actual incident rate is unchanged, we actually want the numbers of reported cases to increase
  • And as soon as possible, we want the rate of incidents to drop off dramatically.

The proper expectation we should set and focus on is that the ratio of reported incidents to actual incidents will climb to 100% from approximately 30% now, regardless of combat casualties.

Secondly, we have the issue of standards. Problems like bullying, suicide, drug abuse, armed robbery, and sexual violence are vexing, of course. However, given that the military is but a subset of the society it serves, it's irrational to expect perfect behavior from the military. People are people, and there will be some level of noisy behavior in any population. That's why we invest in our leaders to set positive examples, and to counsel and correct behavior that detracts from good order and discipline. But, leaders are people, too. I am not excusing crime by any means, just pointing out that "zero tolerance" means that crime will not be tolerated, not that it will not occur! Therefore, in order to maintain higher than "normal" standards of good order and discipline expected in a military unit, it's essential that commanders have authority to instill values, reform potential miscreants before they offend, and to prosecute them fully if they offend.


The phenomenon of sexual violence within the military is only a matter requiring Congressional oversight when such crimes occur disproportionately within the military. That appears to be the case right now. The task is to drive the rate of incidents to a rate below the civilian population. Any attempt to drive MST to zero is misguided because it is doomed to fail. We must get the standards right, and enforce them. 

  • This involves excoriating any leader who abuses his or her special position of trust and confidence. 
  • The reaction of contracting out Drill Sergeants because some Drill Sergeants abused recruits is insane. Prosecute the offending Drills to the max! 
  • The reaction of rewriting Section 60 of the UCMJ because one Convening Authority may have made a questionable call is ludicrous. Prosecute the allegation and punish the offender.   

Thirdly, we must use terms that accurately describe the population under consideration.
  • MST is not an Army problem, so let's not single out Soldiers. The term, "Servicemembers," includes Sailors, Airmen, Marines, Coasties, and Soldiers, and is therefore preferred. 
  • MST is not a female problem. Most cases involve male perpetrators and female victims, but there are plenty of male on male, female on male, and female on female cases. The MST issue is gender neutral.
  • MST is not a sex problem. The perpetrators are not looking for sexual gratification. The perpetrators are looking for power, and sex is one weapon in the arsenal. The issue then is power dynamics, not sex or sexual tensions.  
  • MST is not a combat problem. The stress of combat, indeed the stress of repeated combat tours is likely a contributor to the military's failure to prevent MST. While combat may exacerbate MST, combat is not the root cause. Ending the wars will not solve the problem. 
  • MST is not a civilian problem. Until you have filled out your pre-deployment will and life insurance beneficiary forms, you have not begun to confront the prospect of laying down your life in combat. Military Sexual Trauma is a particular subset of sexual violence.

There are sociopaths in the world, and unfortunately, some make it into the military. It's unrealistic to put a group of mostly young people (including a percentage of society's emotionally challenged) through the gauntlet of a decade of war and expect them to behave collectively just as do their civilian counterparts. To solve the MST problem, we must focus our efforts on the target population: Servicemembers. 

  • male and female, 
  • all ranks, 
  • and all branches of service.

Female Soldiers today are 180 times more likely to be sexually assaulted by a fellow Soldier than killed by an enemy. That sounds horrible until one realizes that there are an estimated 19,000 sexual assaults per year in the military. These assaults take place among a million uniformed servicemembers. Servicemembers are exposed to the risk of blue-on-blue sexual assault 24 x 7, while they are only exposed to the risk of combat death when they are deployed to combat.  

A Better Metric

So far we have agreed that yes, there is a problem in the military and sexual violence is occurring at a rate higher than in society at large. And yes, sexual violence tears a team apart. It violates not only the victim but the values of the unit and the special trust citizens have in their military leaders to maintain good order and discipline while fighting and winning the Nation's wars. But the bottom line is that the metric used to describe the magnitude of the MST issue must be a comparison between military and civilian sexual violence.


The only real question is, at what point does a young person's risk of sexual violence have no bearing on his or her choices between military service, attending college, or getting a civilian job?

We send our sons and daughters into harm's way for reasons which reflect our National values and our vital National interests. That decision should be neutral on the question of blue-on-blue violence. We have a situation requiring Congressional oversight only when the decision is not neutral. If it's neutral or in favor of the military and the rate of incidents is greater than zero, there is still an MST problem but Congress can leave it to the military to address.    

The Road Ahead

It will be a long time before the efforts of SAPRO and SHARP achieve end-state goals
  • completely empower victims and potential victims,
  • engage bystanders and colleagues to prevent and intervene, and
  • control or eliminate the perpetrators and potential perpetrators.  

It could be years of sustained effort before DoD again looks like society at large in the area of sexual violence. During that same multi-year period of what we can only hope will be sustained effort, the bogus 180 metric can only go up, falsely implying that the situation is getting worse! We WANT reports of incidents to go UP. We WANT combat casualties to go DOWN. What is 180 now will double if we get what we WANT! And if we do nothing to counter the misinformation wrapped up in the 180 metric, pressure from society will undermine the military's best efforts.

Rape is always wrong and always an issue of utmost importance, perhaps particularly in high-performing teams such as our military formations. Given that some people do go to combat, the only time that MST is an issue for Congress, parents, or enlistees is when a person going to combat has a higher chance of being raped than his or her civilian counterpart. 

When we as a Nation send our sons and daughters into harm's way, we have a right to insist that their leaders keep the risks under control. We must also invest in those leaders and give them the tools they need to perform that role. And yes, the flip side is also true: bad leaders must be held accountable.

I applaud movies like Invisible War and media attention on the severity of the MST issue. There is a problem, and it must be dealt with, and the truth must come out. However, in the pursuit of truth I have a serious issue with a statistic that does more harm than good! Words matter, and numbers are the language of logic. This 180 ratio is harmful to the war on MST. Let's focus on the real problem with numbers, metrics, and scales that actually describe 

  • the correct expectations, 
  • the proper standards, and 
  • the actual people under consideration.

Thank you for your time in reading this message. Feel free to circulate it. Comments are welcome. 

Questions for interaction:

  • Have you seen The Invisible War? What did you think of it? If not, will you?
  • Have you or someone you know been affected by MST? Do you know where to get help? 
  • Have you come across any other metrics that seem to undermine the cause they supposedly support? 


Monday, April 15, 2013

Toxic Masculinity?

Judge Thomas Lipps listening to arguments in Jefferson County Juvenile Court. AP Photo/Herald Star, Mark Law

"If we want to end the pandemic of rape, it’s going to require an entire global movement of men willing to do the hard work of interrogating the ideas [with which] they were raised...."
So says Jaclyn Friedman in her provocative March 13, 2013 Prospect article, Toxic Masculinity. And I am writing today because I could not agree more.

April is Sexual Assault Awareness Month in the Army. As a retired Army Officer and father of two teen-aged daughters, I have a personal stake in ending the pandemic of rape within the military. I care about my family, my community, and the military culture in which I served for 28 years. It pains me to think of the lives destroyed by such horrendous acts as have been in the news so much of late: acts of violence carried out mostly by men, and mostly against women or children. Sometimes the crimes are carried out with guns, sometimes with sexual violence, and sometimes with both.

Toxic Masculinity.

Is it just me? Has there been a measurable shift in media coverage on topics of violence? If so, are the reports merely documenting the incidents, or fanning the flames?  Are people worse, or are we just hearing about bad behavior more often because of improved communications technology? Let's agree that the question is rhetorical at this point. The "behavior-or-hype" answer is not obvious, and is most likely due to a combination of these and other factors. Still, based only on my instincts, I feel there has been an increase in gun violence and sexual violence over the past decade that tracks with the following phenomena:

  • increased desensitization to death and destruction after a decade of war
  • increased objectivization of women (eye candy, ornamentation, pornography, provocative fashion)
  • increased female body modification (liposuction, breast augmentation, botox, tattoos and piercings)
  • increased male body and performance modification (steroids, erectile dysfunction pills, penile implants, weight loss pills, hair transplants)  
  • increased media hostility toward successful, powerful, and intimidating female role models
  • increased glamorization of men as gladiators (athletes, actors, Special Forces, super heroes)
  • increased hyper-sexuality and gun violence in video games and movies 

Rape is a global concern, but I am especially interested in the phenomenon of rape within the military. People are people and rape is a human problem, not an Army problem, per se. That said, “fairness, dignity, and respect” are already expressed tenets of Army culture. Army Values (LDRSHIP) reinforce the Army's cultural ideal. Never-the-less, the actions of some within the culture (the perpetrators of sexual violence, in this discussion) do not exemplify those expressed values.

According to Ed Schein, culture may be defined as, “the way we do things around here.” I would emphasize that culture is the way we actually do things around here, not the way we say we want to do things. All the speeches and posters in the world do not define culture as clearly as do the actions of the people in that culture.  Truly, actions speak louder than words.

To the recipient, a caring embrace is worth more than a journal full of written expressions.

There is a bell-shaped curve describing the behavior of a group of people on questions of morality. No one individual represents the entire group. When the bad apple stands out, it must either be pruned, or the whole tree is suspect.

The goal is to teach perpetrators--by any means necessary--what we MEAN by fairness, dignity, and respect—how we measure it, how we reward it, and how we prosecute violations of it.  If we reform or remove the perpetrators, then the Army’s bell-shaped curve will shift. And that is culture change.

So there are lots of ways to bend the culture. Cultural change is an overly broad goal for the Army's Sexual Harassment / Assault Prevention and Response (SHARP) Program. What I like better is the more explicit goal of reforming or, if necessary, removing the perpetrators. Identify them before they offend, if possible, or as soon as possible after the first offense. Remove them and reeducate them. Reintroduce them if possible, or dump them back into society with a big red warning label if not.

I would hate to pass my problems off to someone else, but in the case of the Army, they have a bigger mission than retraining all the society’s bigots, sexists, misogynists, and psychopaths.  They can and must retrain some, but the hard fact is that Toxic Masculinity is a supply-side problem. Today's Soldiers, sailors, airmen and Marines reflect the society they serve--which is to say, many of them played football in high school.   

In the midst of all this toxic masculinity, it occurs to me that men are not raised to be men. We raise men to be "not girls" and "not gay." Sensitivity is mocked. Empathy is derided. Victory on the basketball court or the hedge fund is praised--even, and perhaps especially, if victory involves a good punch in the throat. Been to a hockey match or a NASCAR event lately? "Rubbing is racing." The stereotypical male is a sex-and-violence machine. We worship star athletes, covering them with adulation and not a little cash, while forgiving every indiscretion and even the odd crime. Kobe Bryant, accused rapist and still star of the NBA's Los Angeles Lakers. Tiger Woods, serial philanderer and once again the top-ranked golfer on the pro circuit, with a gorgeous blonde on his arm. The list goes on.

Is it any wonder the high school football players in the Steubenville, Ohio rape trial felt entitled?

The opposite of Toxic Masculinity is not spineless foppishness. A hunter can hunt and kill with respect for the prey. A father can defend with love for his family. Anyone with passion can advocate for a cause in a non-violent manner. What seems to matter is emotional intelligence and a healthy awareness of one's place in the universe. Focus on developing the health of boys and men, and eliminate the harmful symptoms of unhealthy, even toxic, behavior.

Fixing the pandemic of rape includes teaching boys how to be real men: swift, strong, skillful, smart, and sensitive, yes... but above all, healthy.


Image attribution:

Read relevant articles:

More information:

Stories about rape culture pulled from recent news reports:

You can contribute to this blog! Send me article ideas and links by commenting on this post. I will give you credit for your contribution to future posts. Thank you for reading and participating. 

Note: This post was edited at 4 pm, April 15th, 2013.

Tuesday, April 2, 2013

Rape Culture

Today I am endorsing, reprinting, rebroadcasting, retweeting, +1-ing, sharing, Tumblr-ing, and blogging about this March 21st statement from the non-profit organization, UltraViolet:

"Between the Steubenville trial, the horrible attacks against rape survivor and political analyst Zerlina Maxwell, and CNN's awful coverage of the Steubenville verdict--it's time we had a serious conversation about rape culture.

"Because Todd Akin didn't come up with the term 'legitimate rape' all on his own."

Sure, Akin's phrase "legitimate rape" made me sick to my stomach, but did I do anything about it? Perhaps not immediately, but I have lately begun to focus on rape culture, particularly within the military. And by "focus," I mean turning my energy to the task of eliminating rape within the military through education, training, prevention, intervention, leadership, and teamwork.

We have our work cut out for us as a society. The information graphic below, also from UltraViolet, sums up the nature of the rape culture challenge in this country. The military reflects the society it serves, and the statistics inside the ranks are no better. They may even be worse, when you consider that the military skews younger and so many of our troops have been stressed by a decade of war. But there are no excuses for rape, nor for a culture of permissiveness around sexual violence.

Rape culture is a violent offense to Army values and to the ideal of treating all persons with fairness, dignity, and respect. Is it therefore, as UltraViolet suggests, "Time for a serious conversation?" We're past the point of talking, in my opinion. It's time for a country and a nation's Army to act:
  • change how we train men to be men, replacing toxic masculinity with virtues of strength and justice
  • identify and crack down on potential perpetrators, whose behaviors and attitudes do not conform to the values of fairness, dignity, and respect
  • prosecute offenders to the fullest extent of the law--because rape tears apart a person, a family, and a team
  • train potential victims in awareness, self-defense, and prevention techniques--because perpetrators will avoid strength and exploit weakness 
  • empower bystanders to prevent rape before it happens and intervene in situations which might lead to sexual assault
  • advocate for victims so that more offenses are reported, more cases are tried, and more perpetrators are removed from society.
I believe these actions will address the pandemic of rape, both in the immediate term and also for the long run. If it takes years to build a culture, it can take years to bend it. I doubt anyone would expect to defeat rape culture overnight. Even so, we can only stop rape culture if we recognize it and stand up against it.

Care to help? Consider endorsing, reprinting, rebroadcasting, retweeting, +1-ing, sharing, Tumblr-ing, and blogging about this post, and visit the non-profit organization, UltraViolet for more information.

This post is published with sincere appreciation to my friend CC who brought this infographic to my attention.

Flow and Friction

The Vessel
an allegory of 
Flow and Friction

My favorite vessel is the one that is closest when I am thirsty....
Diogenes looking for an honest man

I have a cupboard full of cups. The nicest glasses in my display case are fine works of art, but they rarely get used. Some of my cups remind me of special places I have visited in the past. I love them all and could never have too many.

Sadly, I have dropped a few and chipped or broken or shattered them. It happens. None of these vessels were meant to last forever (unless you count the recycled shards). When I lose one, I treasure the remainders all the more. 

But here is the real important thing about these cups and glasses: In the end, the value of a vessel is not about the container. A vessel is all about the flow. All life is flow and friction.
"Flow" by Paul Stopler Glass

You may be "just the vessel" but the point is, of all the cups in the cupboard, you are the one being used. You are flowing and being refilled. You are quenching a mighty thirst. There is a reason for that. 

(Or maybe not.)

Either way, the message that fills you is flowing through you right now. 

                                                    And I am in awe.

dedicated to my amazing brother and his life-changing testimony

Monday, April 1, 2013

Time to replace GDP with Aggregate Happiness, Respect, and Dignity (AHRD)?

My brother is a brave and blessed cancer survivor who has waged a remarkable and truly inspirational battle with his deadly foe. This battle has changed his outlook on life and his personal testimony. In a recent post on my brother's Caring Bridge site, he shares the following quote from Dutch-born Catholic priest and author, Henri Nouwen. My brother includes the introductory comment that this Nouwen quote inspires him to be confident in his faith and in who he is.

“At issue here is the question: 'To whom do I belong? God or to the world?' Many of my daily preoccupations suggest that I belong more to the world than to God. A little criticism makes me angry, and a little rejection makes me depressed. A little praise raises my spirits, and a little success excites me. It takes very little to raise me up or thrust me down. Often I am like a small boat on the ocean, completely at the mercy of its waves. All the time and energy I spend in keeping some kind of balance and preventing myself from being tipped over and drowning shows that my life is mostly a struggle for survival: not a holy struggle, but an anxious struggle resulting from the mistaken idea that it is the world that defines me.

"As long as I keep running about asking, 'Do you love me? Do you really love me?,' I give all power to the voices of the world and put myself in bondage because the world is filled with 'ifs.' The world says, 'Yes, I love you if you are good-looking, intelligent, and wealthy. I love you if you have a good education, a good job, and good connections. I love you if you produce much, sell much, and buy much.' There are endless 'ifs' hidden in the world's love. These 'ifs' enslave me, since it is impossible to respond adequately to all of them. The world's love is and always will be conditional. As long as I keep looking for my true self in the world of conditional love, I will remain 'hooked' to the world-trying, failing, and trying again. It is a world that fosters addictions because what it offers cannot satisfy the deepest craving of my heart.” 

― Henri J.M. Nouwen

When I read the Nouwen quote on my brother's website, the words cut me in half.

I would describe myself as achievement-oriented, and I know lots of people like me in that regard. But Nouwen's series of "ifs" points out the weakness of this otherwise productive outlook: nothing is ever quite good enough. When we evaluate the relative worth of our own efforts as well as those of other people around us by the "make more, sell more, buy more" metric, we set up life as a race where only the most able competitors are valued.

Wow, the Gross Domestic Product explains athletes and hedge fund traders making millions while inner-city schools crumble the old and sick are taken advantage of until they die forgotten, doesn't it?  

What if we measured "struggle" instead of "achievement"? What if achievements were not ends unto themselves, but merely means of learning our gifts? Rather than a race to an inevitable and frightening death, what if life could be an endless cooperative matching of strengths to weaknesses?

I do not consider myself a Marxist just because I complain about income inequality. Many super-rich voluntarily share their good fortune through their foundations and through charitable giving. Once a certain level of wealth has been achieved, the next marginal dollar has no impact on happiness. But we may need an incentive for some super-rich to voluntarily shift their focus from acquisition to distribution.

If the next marginal dollar does nothing to increase my personal happiness, but that same dollar contributes  to the dignity of another and to the respect and esteem in which I am held, might I be more willing to voluntarily cross the line from greed to largesse? I think so.

This leads me to the question, "Which approach would lead to better outcomes for Americans of all income levels: measuring Gross Domestic Product (GDP)? or measuring something more transformational and aspirational, such as the Aggregate Happiness, Respect, and Dignity (AHRD)?"

We describe God’s love as unconditional. Ideally, a parent's love is unconditional. We also understand the Golden Rule. With these examples, we know what right looks like. Meanwhile in the USA we are still using the Gross Domestic Product to keep score. The GDP is an Industrial Age transactional framework rewarding makers, sellers, and buyers. I think something like the AHRD could be just the kind of transformational metric we need to get us closer to a more perfect Union.


Read more:


The Recent DDoS Attacks on Banks: 7 Key Lessons Learned

Here’s a good recap of the recent Distributed Denial of Service (DDoS) attacks on banks, for anybody who hasn’t followed the mounting Cyber Security threat.



What should banks large and small learn from the DDoS attacks that crippled websites and shook consumer faith in the industry?

Here’s what Rodney Joffe, one of the world’s leading experts, has to say.



Starting in mid-September, one of the largest and most sophisticated DDoS attacks ever targeted the titans of American banking. Initially, victims included Bank of America, JPMorgan Chase, Wells Fargo, PNC Bank, and U.S. Bancorp. In the weeks to come, others would also feel the pain. Websites crashed, customers were unable to make transactions and IT professionals and PR gurus went into panic mode. Leon Panetta, then-U.S. Secretary of Defense, said the attacks foreshadowed a “Cyber Pearl Harbor.” While evidence still continues to emerge, the following lessons are clear enough. All spell danger, for banking and the world in general.


1. DDoS attacks have entered a dangerous new phase. A combination of size and intelligence marked these attacks. While they peaked at between 60 and 150 Gbps (most DDoS attacks are smaller than 1 Gbps), the assaults on banks involved only 2,000–3,000 computers, not the tens or hundreds of thousands we’ve seen in botnets before. The difference: most of the compromised systems were powerful business machines, rather than traditional home computers, with access to significantly more bandwidth to help flood connections. First, the attackers hit web resources with large numbers of HTTP (web) traffic and then moved on to DNS servers, which tend to be more vulnerable. The result was a curious hybrid: a highly strategic, brute-force attack that left its victims reeling. Clearly, the attackers were well acquainted with how the Internet works.

2. Who did it and why are less important than the fact it could be done. An Islamic group calling itself the Cyber Fighters of Izz ad-din Al Qassam claimed credit for the attacks, allegedly retaliating for an anti-Muslim video. While some suspect the hand of Iran behind these concerted strikes, no one has provided definitive proof of the culprits’ identities or motives. It’s possible a nation-state or terrorist cell is guilty. It’s also possible for the proverbial basement genius to have done it. And that’s the scariest part. Anyone with sufficient knowledge could have pulled this off. Whoever it was didn’t need millions of dollars or a global support network. If you truly know how the Internet is architected, you can succeed in taking down whole industries, no matter who you are and whatever your reasons may be.


3. Brand reputations have suffered. So far, nobody has reported stolen data or major revenue losses, though of course most organizations are in no rush to admit such breaches. Unquestionably, however, America’s largest banks have lost a measure of public trust. Online forums lit up as website outages dragged on. Bank customers wondered aloud about security readiness. Some feared for their data and ultimately their money. As September rolled into October, there were concerns about defaulting on mortgage payments and other monthly bills because customers couldn’t log in to their bank accounts. While some banks did a good job of keeping customers apprised, no one had reassuring news. The best they could do was spin.

4. Traditional DDoS protection proved to be ineffective. Most companies rely on firewalls and intrusion detection/ protection systems to repel DDoS attacks. Some even have their own DDoS mitigation appliances, though many lack the trained staff to wield them effectively. When banks got socked by malicious HTTP traffic, firewalls may have worked to a point but finally turned into bottlenecks. And when enormous amounts of bad DNS traffic showed up, it was game over. Traditional systems simply were not up to the task. Pipes got flooded, outages occurred and the cavalry was called in – third-party DDoS protection specialists with cloud-based solutions affording more bandwidth and a better chance of success.


5. Smaller banks weren’t hit, but are more vulnerable. Think about it. The largest banks have the budgets to spend on DDoS protection. While their solutions couldn’t stop these recent attacks, they can stop most – the 90% less than 1Gbps in size. Small banks, on the other hand, lack the protection to stop even these. A modest-sized attack can cripple their operations. This makes local and regional banks extremely vulnerable. Third-party solutions, especially affordable on-demand services, are a good bet for smaller players who cannot build their own.


6. The attacks demonstrated the need for holistic DDoS protection. It’s not nearly enough to have a customized firewall or a mitigation appliance, especially one nobody has thought to tune in months. To repel today’s attacks you also need enormous bandwidth, skilled mitigation staff and diverse technologies, a mix that stops both HTTP and DNS attacks along with the application-layer attacks that have become so popular. In other words, you have to be ready for anything. Building on the bank attacks, the next wave of DDoS will surely be comprehensive – in strategy, tactical skill and destructive power.


7. The Internet itself was the attackers’ arsenal. Yes, for years now DDoS attackers have marshaled botnets to do their bidding. But the bank attackers showed an unprecedented understanding of the Internet’s potential as a kind of weapons storehouse. Everything they needed was out there for the taking: high-capacity servers, bandwidth galore and information on the business networks in their crosshairs. The attackers showed great patience and impressive intelligence gathering. They clearly learned from past attacks and successful defenses. Their own success in taking down the nation’s largest banks will prove to be an “Aha!” moment for aspiring miscreants. Knowing there is no protocol to stop attacks at their sources, future attackers likewise will plunder the Internet, cobbling together the resources and bandwidth to flood pipes, take down websites and leave business giants helpless.


Last thought: The banking industry leads the world in protection and security practices. If these attacks could happen to banks, they can happen to anyone. They truly are a when, not an if.