Both government and the private sector must take action to combat the threat of botnets — networks of computers infected with malicious software that allows a hacker to control their actions — according to a May 30, 2018, report to the president.
The “Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats” report released by the Department of Homeland Security and Department of Commerce was mandated under a May 2017 executive order on cybersecurity. It draws from federal agency and private sector input.
To begin the process, the report proposed 24 actions that align with five overarching goals, ranging from improving the cybersecurity of internet of things devices to promoting engagement between different industries impacted by the botnet problem.
According to Andy Ellis, the chief security officer at Akamai, the report is the “spiritual descendant of a 2004 National Infrastructure Advisory Council Internet Hardening Working Group Report out of DHS.”
“That we still see many of the same challenges is at once both disheartening — that we haven’t fixed them yet — and affirming — that we correctly identified the really hard problems, rather than the simple problems,” Ellis added.
The federal government, however, will take the following five steps to begin reducing the threat that botnets pose:
Develop a prioritized road map of coordinated actions
According to the report, many of the 24 actions depend on federal support or leadership, while others follow a specific timeline that must be carried out in the right order. A centralized road map of planned government and industry actions would aid in keeping improvement plans on track.
“The Departments of Commerce and Homeland Security, in coordination with industry, civil society, and in consultation with international partners, should be tasked with developing an initial road map with prioritized actions within 120 days after approval of this report,” the report said. “Government and the private sector will work together to ensure that the road map is updated and maintained as stakeholders accomplish the identified actions.”
Lead by example
The government intends to be a “good neighbor” and benefit the cyber ecosystem by using its policies to set the standard for botnet-secure practices.
“In particular, steps by federal agencies to implement egress filtering to prevent network address spoofing, close reflectors used to amplify traffic volumes and measure agency compliance (and potentially name and shame bad actors) would demonstrate federal resolve and encourage beneficial action by other parties,” the report said.
Public comment on the draft version of the botnet report also noted that the government could make healthy inroads with its procurement practices by demanding that its technology purchases are hardened against botnet exploitation.
Foster private sector leadership and cross-sector collaboration
Though the report admits that many of the actions established in the road map will have to be led by an industry sector, academia or civil society, the government can use its convening power to ensure that the frontrunners in botnet security can voice their best practices.
“Until a mutually agreed party or parties from the private sector are identified, the federal government will provide a coordination and communication mechanism for continued implementation, and will convene periodic meetings of the relevant parties,” the report said.
John Miller, vice president of global policy and law for the Information Technology Industry Council, applauded the report’s focus on industry and government working together, adding that his organization looked forward to “rolling up our sleeves and working with government and [information and communication technology] partners.”
Provide a 365-day status report to the president on road map implementation
Exactly one year after the road map’s initial publication, the Departments of Commerce and Homeland Security will produce a report on the progress made on the road map, the impacts of that progress, a reassessment of the threat posed by botnets and whether any adjustments are required to the road map.
Promote global participation through U.S. engagement in international policy
The report acknowledged that botnets are a global problem that will require the participation of nations and other relevant entities around the world to resolve. Therefore, the U.S. government will have the opportunity to influence the development of international standards and processes.
“The federal government is also uniquely positioned to lead the international engagement required to establish broadly accepted policies and best practices and will enhance coordination with stakeholders on these efforts,” the report said.