Incident Response, TDR

Advisory group to Obama: ISPs should step up real-time threat response

A tech advisory group, consisting of the nation's top scientists and engineers, provided a report assessing key cyber security needs, and opportunities for growth, in the country.

On Friday, the President's Council of Advisors on Science and Technology (PCAST) released the 31-page report (PDF), called “Immediate Opportunities for Strengthening the Nation's Cybersecurity.”

The analysis is notably the “unclassified” version of a report offered to President Obama in February, and was presented to make “key insights from that analysis available to a wider audience,” an introductory letter to the report said.

The PCAST advisory group was appointed by President Obama and is co-chaired by Eric Lander, the president of the Broad Institute of Harvard and MIT, and John Holdren, assistant to the President for science and technology. Members of PCAST include distinguished science and technology professors at the country's top universities and Microsoft and Google execs.

Six findings on the country's cyber security state were made in the report, along with recommendations for addressing needs and opportunities for improvement.

Namely, the report said that, since internet service providers (ISPs) were in a unique position to deliver “real-time action” for cyber attacks, the entities should step up to play a greater role in helping to stamp out threats.

“The ISPs control the actual connection of their customers to the internet – the so-called first hop,” the report said. “As just one example, ISPs are uniquely able to do ingress validation, checking that the connected machine is identifying itself honestly. In some situations, ISPs have both the means to detect compromised machines quickly (for example, machines recruited into a botnet) and the ability to do something about them – for example, to notify the customer and provide options for fixing the problem.”

“Lacking both a legal obligation to act and any protection against subsequent liability, however, such action by ISPs is quite rare. This needs to be changed,” the report said.

The council offered that the government should establish policies that “describe the desired behavior by ISPs as best (or minimum-acceptable) practices.”  The National Institute of Standards and Technology (NIST) should also work to help ISPs establish voluntary means by which companies can alert and guide users to the proper resources when their machines or devices are compromised, the council added.

Other report findings laid out specific ways the government can take the helm in supporting improved national cyber security.

For instance, PCAST advised the government to “lead by example” and speed up its own efforts in implementing best practices for hardening its systems against attacks. Specifically, the report recommended the phase out of Windows XP within the next two years, a 12-year-old, unsupported operating system that Microsoft has continued to warn users of.

PCAST also recommended that federal agencies universally adopt the Trusted Platform Model for securing systems and data and use automatically updating software.

Another finding in the report was that existing legislation, which regulates the security of private companies, presents itself as prime opportunity for regulators to promote cyber security best practices.

Along with "industry-driven" standards and threat reporting processes (which would be audited by third party groups), the council also highlighted that threat data should be shared among private sector entities, and between the public and private sector. Research to support development of dynamic, real-time defense technologies was also vetted in the report.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.