Federal Communications Commission Chairman Julius Genachowski today called upon the nation’s Internet Service Providers (ISPs) to “take concrete steps” to improve Internet security for consumers and critical infrastructure, warning that a failure to do so could slow broadband adoption and threaten the nation’s economy.

With more than $8 trillion exchanged electronically every year, Genachowski warned that sophisticated hackers are gaining the expertise to “shut down the Internet…shut down our economy [and] compromise our growth engine.”

Genachowski made these remarks during an event on the future of cybersecurity hosted by the Bipartisan Policy Center in Washington, D.C.

In what he characterized as “smart, practical, voluntary solutions,” Genachowski urged ISPs to immediately begin planning for the deployment of new security standards that the FCC believes would lead to significant improvements in cybersecurity, particularly in the areas of defending against botnets, domain name system (DNS) fraud, and Internet route hijacking.

It is a testament to how bad the security situation is that [the FCC chairman] is prepared to come up and jawbone ISPs, even though he’s got very limited authority, to do these things.”

A botnet is a collection of computers that have all been infected with malicious software and are typically under the control of an attacker. Most victims, particularly home users, are never aware that their computer has been infected and has become a “bot” in an attacker’s botnet. One of the largest botnets discovered to date involved 12 million compromised computers in 190 countries.

The domain name system, or DNS, is the Internet’s address book and translates a URL typed into a Web browser into a machine-readable Internet Protocol (IP address). Attackers have been able to compromise the DNS in ways that allow them to setup fake Web sites and trick users into sharing personal and financial information.

Internet route hijacking involves security vulnerabilities in the Border Gateway Protocol (BGP), which manages the core routing decisions of the Internet, including routing between different ISPs. Vulnerabilities in BGP have allowed attackers to take over large groups of IP addresses by corrupting Internet routing tables. In fact, last year 15 percent of the world’s Internet destinations were redirected to a server in China for approximately 18 minutes, costing an untold amount of financial damage.

Genachoswki said his staff at the FCC has estimated the cost of these three security problems alone have cost “tens of billions” of dollars. He was careful to point out, however, that “the best response to these threats is not government dictating security standards to private companies,” but having ISPs adopt existing standards in the course of their normal hardware and software upgrades.

To battle the growing problem of botnets, Genachowski called upon ISPs to adopt an “industry-wide code of conduct” to detect botnet infections, make customers aware when their computers have been compromised, and offer remediation support.

He also called on ISPs to plan for and adopt secure routing standards “as soon as possible” and to speed up the adoption of DNS Security Extensions, known as DNSSEC. “DNSSEC is ready to be implemented, but adoption in the private sector has been slow,” said Genachowski.

But after Genachowski’s statements, a panel of experts led by former CIA director Gen. Michael Hayden, agreed that while botnets, DNS fraud and Internet route hijacking are critical threats, solutions will not happen overnight.

Michael Glenn, director of Enterprise Technology Security at CenturyLink Inc., the third largest telecommunications company in the U.S., said although there are already significant economic incentives for ISPs to voluntarily adopt and implement these new security standards, the problems identified by Genachoswki are very difficult to solve.

BGP and DNS “were developed as very lightweight protocols,” said Glenn. “We’re now trying to put very heavy weight cryptographic security measures on top of those. With that comes a lot of problems. It affects cost for ISPs, it could affect scalability and it could affect reliability,” he said.

Stewart Baker, a partner at the lawfirm of Steptoe & Johnson LLP and the former Assistant Secretary for Police at the Department of Homeland Security, said the security problem is getting worse faster than any of the recommendations Genachowski made could address.

“It is a testament to how bad the security situation is that [the FCC chairman] is prepared to come up and jawbone ISPs, even though he’s got very limited authority, to do these things,” said Baker.

“These things will help if and when they actually happen. But we’ve been talking about doing some of these things for 10 years and haven’t yet gotten there.”

Hayden, however, who was the director of the National Security Agency (NSA) in 2000 when a software problem caused the agency’s entire IT network to go down for nearly 96 hours (leaving the nation’s intelligence and defense community literally deaf to potential threats), struck a more optimistic tone.

When the NSA IT network went down for 4 days at Fort Meade, “I decided as director that there was no possible course of action that I could take with regard to our IT systems that could be worse than standing still,” said Hayden.

“So, my compliments to the FCC for setting out a course of action,” he said.