I am encouraged whenever I hear that the government and industry are working together to improve cyber security. It’s just one of those logical things to do. I’m not talking about government stepping in to create regulations (although there is a need for that, in my opinion), but government and industry should share their knowledge and their resources to secure the cyberspace that the entire nation — the entire world — shares, whether willingly or unwillingly. Somebody has to step up to ensure that the average citizen’s personal information is protected.
With that in mind, I thought it was exciting to learn that two Cabinet-level departments — Homeland Security and Commerce — want input from Internet Service Providers (ISPs) on ways to protect consumers from botnets. According to InformationWeek, the two agencies are:
asking the public to weigh in on requirements and approaches to creating a “voluntary industry code of conduct to address the detection, notification, and mitigation of botnets” via a request for proposal on the Federal Register … The DHS and Commerce are asking “all Internet stakeholders” to comment on potential models for detection, notification, prevention, and mitigation of botnets’ illicit use of computer equipment. The comment period is open until Nov. 4.
Botnets are pesky. They are dangerous. They steal financial data, as Zeus has shown. They have the ability to shut down energy infrastructure, as we’ve seen with Stuxnet. They cost the enterprise millions of dollars every year, and that cost continues to rise. Senator Jay Rockefeller (D-WV), chair of the Senate Commerce Committee, said in a statement:
Malicious actors are increasingly breaching the computers of Internet users to steal their personal information and leveraging those infected computers to launch attacks against other users and businesses. These infected computers — together known as botnets — are a serious threat to our national and economic security.
I think this outreach is encouraging. Is it going to stop botnets? Of course not. But it does mean that public and private sectors are working together on a common goal, which, in this case, is to better protect the general public from the dangers of botnets.
As the InformationWeek article wisely pointed out, there has been successful protection against botnets when ISPs not only identify the attack but also notify their customers that the network has been infected. Partnering with federal agencies should only improve on this.