Botnets are indeed one of the scourges of the Internet, and the government wants to work with public and private companies to wipe them out.
The US departments of Commerce and Homeland Security (DHS) today discussed with other federal agencies and information technology-based private-sector leaders the need to create what they called "a voluntary industry code of conduct to address the detection and mitigation of botnets." Botnets are collections of computers that are secretly infected with malware and then remotely controlled by cybercriminals.
The Center for Strategic and International Studies (CSIS) public policy organization held the meeting to get IT, policy and other leaders to brainstorm ideas about ways to fight the growing problem of botnets, including notification of consumers that their computers have been infected with botnet control software.
In a press release, the CSIS said researchers estimate that about 4 million new botnet infections occur each month. When a computer is infected by a botnet, the computer user's personal information and communications can be monitored and that consumer's computing power and Internet access can be exploited. Networks of these compromised computers are often used to disseminate spam, to store and transfer illegal content, and to attack the servers of government and private entities with massive, distributed denial of service attacks.
The CSIS meeting included talks by senior officials from the Federal Communications Commission, US Internet Service Provider Association, DHS, National Institute of Standards and Technology and StopBadware.
But the meeting was only one step the government is taking to forge this botnet-fighting partnership.
In September, the departments of Commerce and Homeland Security issued a public request for information that could be used to develop "approaches to creating a voluntary industry code of conduct to address the detection, notification and mitigation of botnets."
In the request, the agencies stated they "are concerned about the potential economic impact of botnets and the problems they cause to computer systems, businesses, and consumers. To address these problems, it is necessary to stop botnets from propagating and to remove or mitigate the malicious software (malware) where installed. Companies and consumers may be able to voluntarily address some of these issues, but to fully address the problem, they will need to work together to clean and better protect computers. This will require voluntary efforts on many fronts, including better standards and procedures to secure systems."
The group also wrote that one strategy security experts say has been successful in stemming the tide of botnets is for private-sector entities to voluntarily detect infections and notify end-users in a timely manner that their machines have been infected. This voluntary notification has mostly, though not always, come from the user's Internet Service Provider (ISP), which has contact information for the end-user and a pre-existing relationship.
"Once a service provider has detected a likely end-user security problem, it can inform the Internet user of the steps the user can take to address the problem. For example, last year in Australia, the Internet Industry Association in conjunction with the Minister for Broadband, Communications and the Digital Economy launched a voluntary code of practice for Australian ISPs to ensure consistent notification and remediation of consumer computer problems created by botnets. Once notified of a botnet infection, the consumer is sent to a website with information to help clean up his or her computer. Germany and Japan have begun similar efforts. Several U.S. companies seem to be engaged in similar types of practices, though without a code of conduct in place, and standards organizations have been discussing standards for botnet detection."
Other botnet questions the government is looking to address include:
- What existing practices are most effective in helping to identify and mitigate botnet infections? Where have these practices been effective? Please provide specific details as to why or why not.
- What preventative measures are most effective in stopping botnet infections before they happen? Where have these practices been effective? Please provide specific details as to why or why not.
- Are there benefits to developing and standardizing these practices for companies and consumers through some kind of code of conduct or otherwise? If so, why and how? If not, why not?
- Please identify existing practices that could be implemented more broadly to help prevent and mitigate botnet infections.
- What existing mechanisms could be effective in sharing information about botnets that would help prevent, detect, and mitigate botnet infections?
- What new and existing data can ISPs and other network defense players share to improve botnet mitigation and situational awareness? What are the roadblocks to sharing this data?
- Upon discovering that a consumer's computer or device is likely infected by a botnet, should an ISP or other private entity be encouraged to contact the consumer to offer online support services for the prevention and mitigation of botnets? If so, how could support services be made available? If not, why not?
- Should companies have liability protections for notifying consumers that their devices have been infected by botnets? If so, why and what protections would be most effective in incentivizing notification? If not, why not? Are there other liability issues that should be examined?
- What is the state-of-practice with respect to helping end-users clean up their devices after a botnet infection? Are the approaches effective, or do end-users quickly get re-infected?
Public comments can be submitted on the Commerce/DHS Federal Register Request for Information until November 4, 2011.
Follow Michael Cooney on Twitter: nwwlayer8