9 Principles to Battle Botnets
Feds, Business Team Up to Limit Harm Caused by Botnets
The federal government and business are teaming up to help limit the adverse effect of botnets, those networks of hijacked personal computers that spew spam and malware.
"The issue of botnets is larger than any one industry or country," says retiring White House Cybersecurity Coordinator Howard Schmidt, who hosted a government-industry meeting on battling botnets at the White House on May 30. "This is why partnership is so important."
As part of the initiative, Schmidt's office, along with the Departments of Homeland Security and Commerce, is working with the Industry Botnet Group, a group of nine trade associations and nonprofit organizations, to promote nine principles aimed at hampering the damage botnets cause.
"The proliferation of botnets and malware in cyberspace threatens to undermine the efficiencies, innovation and economic growth of the Internet and diminishes the trust and confidence of online users," the Industry Botnet Group says in a statement promoting the principles. "Every participant has a role in helping to reduce the impact of malicious cyber attacks, such as botnets." The nine principles are:
- Share cyber responsibilities: Participants should employ reasonable technologies and sound practices, appropriate in the context of their business, to thwart the effectiveness of botnets across the phases of the lifecycle: prevention, detection, notification, remediation and/or recovery.
- Coordinate across sectors: To better analyze, prevent and combat threats, participants should share information about botnet incidents and other malicious activities among public, private and not-for-profit stakeholders.
- Confront the problem globally: Cybersecurity, and specifically the proliferation of botnets and malware, is a global problem requiring global attention, and participants should foster greater cooperation and cross-border collaboration between and among industry and government.
- Report lessons learned: In the appropriate manner and context, participants should share lessons learned, particularly their view of the effectiveness of various tactics, technologies, sound practices and other tried measures to thwart the effectiveness of botnets across the lifecycle.
- Educate users: Participants should make resources available to help educate customers to defend against and remediate from infections by botnets and malware and to illustrate the relationship between staying safer online and making the Internet more secure for everyone.
- Preserve flexibility: There is no single solution to address the dynamic threat of botnets and malware and efforts should remain flexible, allowing participants to undertake activities as appropriate to their core competencies, resources and customer needs.
- Promote innovation: Efforts to reduce the impact of botnets and malware should promote innovation and support the inclusion of new technologies, strategies, approaches and participants to better combat threats and protect customers.
- Respect privacy: While working to further trust and confidence online, participants should address privacy and security in the appropriate manner and abide by applicable laws and practices.
- Navigate the complex legal environment: Barriers to addressing cybersecurity threats may exist in today's complex global legal and regulatory environment, and any initiatives undertaken by participants to reduce the impact of botnets should comply with applicable laws and regulations.
Besides the nine principles, the Internet Botnet Group also is developing a framework for shared responsibility across the botnet mitigation lifecycle, which will include prevention and recovery, that reflects the need for continuing education efforts, innovative technologies and a feedback loop throughout all phases.
Also at the White House conference, the Financial Services Information Sharing and Analysis Center, known as FS-ISAC, announced the launch of a pilot program to share information about botnet attacks in an effort it hopes will lead to standards that can be more widely used for information sharing on botnets outside of the financial-services sector.