On September 21, the departments of Commerce and Homeland Security issued a request for information through the Federal Register for individuals and organizations to share ideas about the requirements of and possible approaches to creating a voluntary code of conduct to address the detection, notification and mitigation of botnets.
The Department of Commerce and DHS have been in discussions with other federal agencies and private-sector leaders in the information technology industry the need to create a voluntary industry code of conduct to address the detection and mitigation of botnets.
The public may submit comments in response to the Commerce/DHS Federal Register Request for Information about botnet mitigation on or before 5 p.m., November 4, 2011. For further information, contact Jon Boyens at email@example.com.
“In our country, we always have this debate whether the government should take a stronger hand or whether market forces are enough. We've run out of time to have that conversation, at least on some level. We have to get something done,” said the general counsel for the U.S. Department of Commerce, Cameron Kerry.
Activation of the notification plan is still somewhat far off, as the logistics of exactly how such a system would be uniformly implemented across multiple ISPs is a complicated matter.
At an invitational meeting hosted by the Center for Strategic and International Studies (CSIS), IT, policy and other leaders met to brainstorm ideas about ways to fight the growing problem of botnets, including notification of consumers that their computers have been infected with botnet control software.
“Technology varies from company to company. Whatever it is that comes out of the idea of creating new security must be one that the ISP can create on their own and can implement across their network,” said Kate Dean, executive director of the U.S. Internet Service Provider Association.
Botnets are collections of computers that are secretly infected with malware and then remotely controlled. Networks of these compromised computers are often used to disseminate spam, to store and transfer illegal content, and to attack the servers of government and private entities with massive, distributed denial of service attacks.
Over the past several years, botnets have increasingly put computer owners at risk. Researchers estimate that about 4 million new botnet infections occur each month. When a computer is infected by a botnet, the computer user’s personal information and communications can be monitored, and that consumer’s computing power and Internet access can be exploited.