Administration unveils plan for battling botnets
- By William Jackson
- May 30, 2012
The Obama administration and a private-sector working group have announced a cooperative initiative to combat malicious botnets, which are being called a growing threat to the online economy and national security.
The Industry Botnet Group and the Homeland Security and Commerce departments released on May 30 a set of principles for addressing the challenge of botnets across the entire Internet ecosystem. In addition to this framework for collaboration, the government also will step up public outreach efforts to educate users about online threats and will coordinate efforts to address the technical threats posed by botnets.
On May 30, the National Institute of Standards and Technology hosted a workshop on the technical aspects of botnet activity, aimed at disrupting the botnet life cycle and removing malicious code on compromised devices.
Botnet tracker locates zombies inside federal agencies
DHS, Commerce looking to battle botnets
Botnets are networks of compromised computers that can be coordinated through command-and-control servers operated by criminals or others. Malware on compromised computers can be updated and used for a variety of purposes, including information stealing, spamming, mounting distributed denial-of-service attacks and infecting new computers. The networks often are rented out by their controllers for malicious purposes, and because of their distributed nature they can be difficult to defend against.
The Industry Botnet Group was formed in January as a result of a Commerce Department effort to develop a consensus on how to combat the threat of botnets.
Because botnets extend from individual user devices through networks and service providers and can threaten a government and private-sector enterprises with a variety of high- and low-tech exploits and attacks, it was decided that a unified effort was needed to address them. One of the group’s first goals was to develop a set of voluntary principles for cooperation across organizations and sectors:
- Share cyber responsibilities. Participants should employ reasonable technologies and sound practices to thwart the effectiveness of botnets across entire life cycle of botnet defense, including prevention, detection, notification, remediation and/or recovery.
- Coordinate across sectors. To better analyze, prevent and combat threats, participants should share information about botnet incidents and other malicious activities among public, private, and nonprofit stakeholders.
- Confront the problem globally. Cybersecurity, and specifically the proliferation of botnets and malware, is a global problem requiring global attention, and participants should foster greater cooperation and cross-border collaboration between and among industry and government.
- Report lessons learned. In the appropriate manner and context, participants should share lessons learned on the effectiveness of tactics, technologies, practices and other measures to thwart the effectiveness of botnets.
- Educate users. Participants should make available access to resources to help educate customers to defend against and remediate from infections by botnets and malware.
- Preserve flexibility. There is no single solution to address the dynamic threat of botnets and malware, and efforts should remain flexible, allowing participants to undertake activities as appropriate.
- Promote innovation. Efforts to reduce the impact of botnets and malware should promote innovation supporting new technologies, strategies, approaches and participants to better combat threats and protect customers.
- Respect privacy. Participants should address privacy and abide by applicable laws and practices.
- Navigate the complex legal environment. Any initiatives undertaken by participants to reduce the impact of botnets should address barriers to addressing cyber threats in the complex global legal and regulatory environment, while complying with applicable laws and regulations.
The NIST workshop is addressing technical issues of botnets, including:
- How standardized metrics, measurements and reporting of botnets should be implemented.
- Technologies, tools and resources needed to effectively detect, prevent and remediate botnets.
- Current and future efforts and challenges to effectively countering botnets, including identification of gaps in existing solutions.
- Roles and responsibilities of government and private-sector stakeholders in this complex ecosystem.
William Jackson is freelance writer and the author of the CyberEye blog.