The U.S. departments of Commerce and Homeland Security (DHS) recently discussed with other federal agencies and private-sector leaders in the information technology industry the need to create a voluntary industry code of conduct to address the detection and mitigation of botnets.
Botnets are collections of computers that are secretly infected with malware and then remotely controlled by spammers, hackers or criminals.
At an invitational meeting hosted by the Center for Strategic and International Studies (CSIS), IT, policy and other leaders met to brainstorm ideas about ways to fight the growing problem of botnets, including notification of consumers that their computers have been infected with botnet control software.
“Improving cybersecurity requires a combination of efforts in which everyone has a role to play,” White House Cybersecurity Coordinator Howard Schmidt said in his keynote address.
“By working together to achieve better security, we can make the improvements needed that will ensure the security and resilience we need to prosper as a nation.”
On September 21, the departments of Commerce and Homeland Security issued a request for information through the Federal Register for individuals and organizations to share ideas about the requirements of and possible approaches to creating a voluntary code of conduct to address the detection, notification and mitigation of botnets.
“The Administration’s action today is a good step toward implementing an industry-wide code for Internet providers to inform their customers when a computer virus is detected. Internet providers in other countries are already providing alerts and warnings to compromised consumers as well as offering free mitigation tools," said Senator John D. (Jay) Rockefeller IV, Chairman, Committee on Commerce, Science, and Transportation.
"I commend companies like Comcast, which are already following this same model by deploying technologies to protect their customers from online threats. This kind of private sector leadership is a cornerstone in my cybersecurity bill with Senator Snowe. In order to make cyberspace safe in the 21st century, it is critical that other U.S. companies follow suit."
At the CSIS event, keynote talks by senior officials were followed by a panel session featuring representatives from the Federal Communications Commission, U.S. Internet Service Provider Association, DHS, National Institute of Standards and Technology and StopBadware.
The discussion centered on how Internet Service Providers and other organizations can detect botnet activity and promptly notify consumers that their computers have been compromised.
Over the past several years, botnets have increasingly put computer owners at risk. Researchers estimate that about 4 million new botnet infections occur each month. When a computer is infected by a botnet, the computer user’s personal information and communications can be monitored and that consumer’s computing power and Internet access can be exploited.
“The Internet has created virtual doors into our lives, finances, businesses and national security. Cyber spies, thieves and thugs are constantly testing the doorknobs, looking for a way in. American consumers have lost billions to cyber crime–which include botnet schemes and scams, and cyber criminals who continue to target the safety and security of our nation," Senator Barbara Mikulski, Chairwoman, Senate Appropriations Subcommittee on Commerce, Justice, Science, and Related Agencies.
"These attacks demonstrate the growing sophistication of their hacking capabilities. Even as we make progress in the fight to stop these thugs, the government cannot afford to go it alone as cyber criminals continue to adjust their tactics. That’s why I am glad the Administration is tapping into American ingenuity and partnering with the private sector to combat these persistent threats to our infrastructure and beat back cyber thieves.”
Networks of these compromised computers are often used to disseminate spam, to store and transfer illegal content, and to attack the servers of government and private entities with massive, distributed denial of service attacks.
“Today’s discussion of building a code of conduct around botnet detection, notification and mitigation highlights the importance of maintaining a trusted and secure Internet and the potential of multi-stakeholder efforts,” Cameron Kerry, Commerce general counsel and chair of the department’s Internet Policy Task Force, said.
“In a world where commerce and trade operate on exchange of digital information, security and privacy are two sides of the same coin, and this coin is essential currency.”
The public may submit comments in response to the Commerce/DHS Federal Register Request for Information about botnet mitigation on or before 5 p.m., November 4, 2011. For further information, contact Jon Boyens at firstname.lastname@example.org.