Collaborating Across the Entire Internet Ecosystem to Defeat Botnets


A May 2017 executive order – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure – tasked the Departments of Commerce and Homeland Security with leading an open and transparent process to identify ways to improve the resilience of the internet and communications ecosystem, and to reduce threats perpetrated by botnets, particularly distributed denial of service (DDoS) attacks.

In support of this order, both the National Telecommunications and Information Agency (NTIA) and the National Institute of Standards and Technology (NIST) are soliciting public input. Last week NIST conducted a public workshop to explore the current and emerging solutions to enhance the resilience of the internet against these attacks. NCTA, representing the nation’s leading broadband providers, participated in the workshop as did some individual cable operators.

As part of NCTA’s effort to identify solutions, Matt Tooley, NCTA’s Vice President of Broadband Technology, served as principal author of a white paper published today by the Communications Sector Coordinating Council (CSCC) that seeks to further inform the shared process of protecting against botnet attacks among key participants in the internet ecosystem. Key to the paper is the conclusion that by sharing responsibility, the entire internet ecosystem can better mitigate the threats posed by malicious botnets and other automated systems. As infrastructure owners, ISPs have an important role in protecting against botnet attacks. In addition, manufacturers, software developers, and other service and edge providers have key roles. The paper points out that, by working in concert, these stakeholders together form the strongest defense against the threat of automated botnet attacks.

Anatomy of a Botnet Attack

In the paper, the CSCC identifies a number of challenges in mitigating the risks of a malicious botnet attack, as well as opportunities for increased collaboration and cooperation to address them. Highlights include improving the sharing of actionable information, managing end-user notifications of malware infections, and defending against unsecured internet-of-things devices.

The CSCC paper also proposes actionable steps that internet ecosystem participants, including ISPs, should consider to prevent automated attacks. These include supporting a continued migration to IPv6, encouraging the adoption of machine learning techniques to better detect botnets, and streamlining the law enforcement process used to take down botnets.

The full paper is available here.