The Obama Administration today announced a new set of public-private partnership initiatives aimed at combating the rising use of botnets.
Industry estimates suggest that one in 10 computers in the U.S. is currently infected by a botnet – software used by hackers to seize control of vast numbers of personal computers for malicious or illegal intent.
“The issue of botnets is larger than any one industry or country,” said White House Cybersecurity Coordinator Howard Schmidt. “This is why partnership is so important.”
The initiatives represent an expanded effort by the White House Cybersecurity Office, the U.S. Departments of Commerce and Homeland Security (DHS) and the Industry Botnet Group (IBG) to help identify and prevent botnet infections and remediate their effects on personal computers. IBG is made up of trade associations and nonprofit groups representing thousands of companies across information, communications, and financial services industries.
“Botnets continue to increase the price of doing business online and place our companies at a competitive disadvantage, while threatening our individual privacy,” said Under Secretary of Commerce for Standards and Technology Patrick Gallagher. “Today’s efforts are only the beginning of the actions we can take, but working together through this public-private partnership we can start to combat these challenges.”
The new and expanded cybersecurity measures include:
1. The IBG launched today a list of principles for voluntary efforts to reduce the impact of botnets in cyberspace, including coordination across sectors, respect for privacy, and sharing lessons learned. IBG has also developed a framework for shared responsibility across the botnet mitigation lifecycle from prevention to recovery that reflects the need for ongoing education efforts, innovative technologies, and a feedback loop throughout all phases. Both are available at http://industrybotnetgroup.org.
2. The Financial Services Information Sharing and Analysis Center (FS-ISAC), which cooperates closely with DHS and the Treasury Department, will begin work on a pilot to share information about botnet attacks this year. The effort will lead to standards that can be more widely used for information sharing on botnets outside of the financial services sector.
3. Several IBG members are launching “Keep a Clean Machine” campaign today – an education campaign for consumers supported by DHS, the Federal Trade Commission (FTC), the National Cybersecurity Alliance and several companies.
4. The FBI and Secret Service have recently stepped up private sector information sharing, and their coordinated efforts have shut down massive criminal botnets such as Coreflood, which compromised millions of private computers and lead to the theft of millions of dollars.
The National Institute of Standards and Technology was also expected to present new research projects and technologies to combat botnets and speed remediation at a workship scheduled today.
Technology and Public Policy Program Director, James Lewis, at Center for Strategic and International Studies, called the new effort “a good thing to do. If it is broadly adopted, it will really have an effect. We’ve seen it produce dramatic effect in the countries that already have anti-botnet efforts like this,” he told Breaking Gov.
The IBG is using a voluntary model that has worked successfully for the Financial Services Information Sharing and Analysis Center, and which complements the Federal Communication Commission’s “Code of Conduct” on collaborative recommendations for Internet service providers.
Administration officials reiterated the initiatives announced today are intended to support voluntary, private sector-led efforts, rather than establish any new mandates, allowing industry to respond nimbly to dynamic cyber threats. They do not prescribe any particular means or method and allow for flexibility in application by a wide range of participants and business models.
The announcement was made at an event at the White House today hosted by Schmidt, who announced his retirement from the post earlier this month. Joining in the announcement were FCC Chairman Julius Genachowski, DHS Secretary Janet Napolitano, Under Secretary Gallagher, and select industry CEOs.
“Cybersecurity is a shared responsibility – the responsibility of government, our private sector partners, and every computer user,” said Napolitano. “DHS has set out on a path to build a cyber system that supports secure and resilient infrastructure, encourages innovation, and protects openness, privacy and civil liberties.”
“No one entity can combat these security challenges alone,” said Liesyl Franz, vice president for cybersecurity policy at TechAmerica, speaking on behalf of the IBG. “Individually we can take measures to defend ourselves, and together we can do even more to protect the ecosystem.”
The malicious software that create botnets can make consumers’ private and financial information available to hackers, slow down and harm consumers’ computers, and turn consumers into unwitting disseminators of spam emails. More broadly, botnets tend to increase the cost of doing business and can place affected companies at a competitive disadvantage.
The Industry Botnet Group and government partners announced the following new or expanded initiatives to combat botnets: