Senate subcommittee looks to stop botnet threat
In a Tuesday hearing, a Senate subcommittee heard testimony from government and private sector security experts over the botnet explosion.
Concerned that botnets can marshal “a virtual army of millions, most of whom have no idea that they have been conscripted” to carry out their attacks, Senator Sheldon Whitehouse (D-R.I.), head of a Senate subcommittee on crime tapped security luminaries from the private sector as well as the FBI and Justice Department to testify at a hearing aimed at mitigating the threat and disrupting cyber crime networks.
Whitehouse, chairman of the Senate Judiciary Committee Subcommittee on Crime and Terrorism, is mulling the idea of introducing legislation along with fellow committee member, Sen. Lindsay Gramm (R-S.C.) to drop the hammer on hackers.
It was clear from the tone of the hearing and the questions asked that “they are looking for ways to increase resources for law enforcement and training,” Cheri McGuire, vice president of Global Government Affairs & Cybersecurity Policy at Symantec, told SCMagazine.com.
They're also, she said, “looking for ways to improve on the international side.”
In her own testimony before the subcommittee, McGuire stressed that “cybercrime and botnets are a borderless crime” and thwarting them “requires the cooperation and coordination — between the government and the private sector, between governments, and within the private sector itself.”
To do that, though, she told the senators, the private sector needs to know “we can work with our government partners and with our private sector counterparts to disrupt botnets without having to look over our shoulder to ensure we are not running afoul of the law.”
McGuire told SCMagazine.com that the Justice Department had taken an important step toward encouraging the kind of information-sharing necessary to mitigate threats quickly and efficiently when it announced last month, in conjunction with the Federal Trade Commission (FTC), that companies would not face antitrust action for sharing threat information.
“That was an important statement to motivate fearful companies to share information,” she said.
McGuire noted that as the Internet of Things becomes more of a reality the threat from botnets, or rather “thingbots,” will increase. Once refrigerators and thermostats — and just about everything else — are hooked into the internet, cyber criminals will have a whole new army of devices to marshal to launch cyber attacks.
“I don't think we're too far off” from this scenario, she said. Not only are those devices not secured — nor do most manufacturers even have the infrastructure to add security, much less issue patches and updates — but users aren't likely to understand and take measures to protect themselves.
“With laptops and computers awareness is high [in the 80 percent range] but when it comes to mobile devices awareness drops to about 50 percent,” McGuire said. “Imagine what it would be for all of these other things.”