The Obama administration on Wednesday revealed new initiatives to combat botnets, believed to present one of the greatest threats to the integrity of the internet. Botnets are employed by cyber thieves to gain control of computers to perform illegal activities, including siphoning off assets, distributing spam, or initiating denial-of-service (DoS) attacks, which could shut down a targeted website.
The initiatives stem from a voluntary public-private partnership between the White House Cybersecurity Office and the U.S. Departments of Commerce and Homeland Security (DHS), which coordinate with private industry to lead the Industry Botnet Group (IBG), a group of nine trade associations and nonprofit organizations representing thousands of companies.
“The issue of botnets is larger than any one industry or country,” said White House Cybersecurity Coordinator Howard Schmidt at an event to announce the program (Schmidt recently announced his resignation). Also present at the event were Federal Communications Commission Chairman Julius Genachowski, Department of Homeland Security Secretary Janet Napolitano, Under Secretary of Commerce for Standards and Technology Patrick Gallagher, and a number of industry CEOs.
According to an administration official who spoke with SCMagazineUS.com on Friday, "industry deserves credit for the real work in getting this done."
He said that the strategy goes back to a Commerce green paper on cyber security, which looked at areas where the government saw a solution in the private sector that could alleviate the botnet problem but that was not gaining traction or collective action.
"Companies didn't want to invest if other companies weren't," the administration official said.
A call went out from the Departments of Commerce and Homeland Security to the private sector to find ways to build incentives for companies to implement best practices around botnets.
"We were pleasantly surprised to find so much agreement," the official said.
A series of meetings at the White House, led by Schmidt, followed and resulted in the writing of IBG's "Principles for Voluntary Efforts to Reduce the Impact of Botnets in Cyberspace," he said.
“Cybersecurity is a shared responsibility – the responsibility of government, our private sector partners and every computer user,” Napolitano said at Wednesday's event, according to a release. “DHS has set out on a path to build a cyber system that supports secure and resilient infrastructure, encourages innovation, and protects openness, privacy and civil liberties.”
The Online Trust Alliance (OTA) was also at the event to support the IBG's principles.
“We have a shared responsibility to commit resources to address the growing threats from botnets, which threaten to undermine the digital economy,” Craig Spiezle, executive director and president, Online Trust Alliance, said in a statement. “Preserving online trust and confidence needs to be a priority and the broad adoption of the Industry Botnet Group principles is an important step toward protecting the internet.”
Source: U.S. Department of Commerce
The Industry Botnet Group and government partners announced on Wednesday at an event at the White House the following new or expanded initiatives to combat botnets:
The IBG launched a list of principles for voluntary efforts to reduce the impact of botnets in cyberspace, including coordination across sectors, respect for privacy and sharing lessons learned. IBG has also developed a framework for shared responsibility across the botnet mitigation lifecycle from prevention to recovery that reflects the need for ongoing education efforts, innovative technologies, and a feedback loop throughout all phases. Both are available here.
The Financial Services Information Sharing and Analysis Center (FS-ISAC), which cooperates closely with DHS and the Treasury Department, unveiled its work on a pilot to share information about botnet attacks this year. The effort will lead to standards that can be more widely used for information sharing on botnets outside of the financial services sector.
Several IBG members launched the “Keep a Clean Machine” campaign on Wednesday – an education campaign for consumers supported by DHS, the Federal Trade Commission (FTC), the National Cybersecurity Alliance and several companies.
The FBI and Secret Service have recently stepped up private sector information sharing, and their coordinated efforts have shut down massive criminal botnets, such as Coreflood, which compromised millions of private computers and led to the theft of millions of dollars.