The US government is looking at telling ISPs how to deal with compromised customers and botnets.
They’re a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. Control involves a number of different techniques, but notification has been designed into the system from day 1.

“There is no need for mandated action in this area since the market is already moving forward. Many ISPs are already doing a great deal to combat the menace of bots and malware. All over the U.S., ISPs currently have notification systems in place to tell their users they are infected and — whether they deliver these warnings via email, phone, walled gardens, or inline warnings — the warnings are being delivered,” says Michael O’Reirdan, chairman of the MAAWG. “Other ISPs currently have pilot programs or technology development efforts in place, and there will be more deployments in the near future.”
O’Reirdan says ISPs handled the spam battle on their own, and can also do so for battling bots. It has become a business issue for them, he says. “No one had to mandate anti-spam platforms: ISPs put them in place to deal with the menace of spam because, if they had not, they would have lost customers if customers’ mailboxes were overrun with spam. The same is happening with anti-bot platforms. It is becoming a ‘table stakes’ issue for ISPs, and legislating in this arena will merely lock the response of ISPs in stone to conform with the legislation rather than allow innovation and development to meet the rapidly varying nature of the bot challenge posed by the bad guys,” he says.
Kelly Jackson Higgins

The ISPs have taken a leadership position in the area of protecting consumers from botnets. This has been a major discussion point at MAAWG for years. Many ISPs have worked closely with vendors to create detection and notification systems to mitigate and clean botnet infections.

  • The time for the government to take the lead on this was probably three or four years ago, and you have no idea how disappointed I am that this didn’t happen.
    However, there’s still a role they can play, I think. They have massive data sources, so they could provide information to the ISPs as well as (maybe better than) things like the CBL can. They could see the scope of those botnets and instantly know where the biggest ROI for cybercrime prosecutions would be. They could identify ISPs that are doing a truly horrible job of coping with their own problems, and provide incentives for improvement or levy punishments for inaction. They could better protect their own systems by aggregating this data in and then pushing it back out in real-time. They could identify which of those civilian internet connections are actually government-interest computers, by virtue of being the homes of servicemembers or contractors, and use those as stealth data sources. Probably a dozen other things I could rattle off as fast as I could type them. And there are ways to do all of this without stifling innovation, or putting the burden on ISPs or their customers.
    …but it’s probably still easier to do all of this in the private sector.

