An industry advisory group to the Federal Communications Commission comprised of the nation’s largest Internet service providers unanimously adopted recommendations for voluntary action to combat three major cyber security threats: botnets, attacks on the Domain Name System and Internet route hijacking.
The group, the Communications, Security, Reliability and Interoperability Council, was applauded by FCC Chairman Julius Genachowski for the commitment being made.
“The recommendations approved today identify smart, practical, voluntary solutions that will materially improve the cyber security of commercial networks and bolster the broader endeavors of our federal partners,” Genachowski said.
CSRIC is a federal advisory committee established at the direction of the FCC chairman to provide recommendations regarding the security, reliability, and interoperability of the nation’s communications system. Currently, CSRIC is composed of more than 50 communications experts from the private sector (including ISPs), public safety, consumer organizations and tribal, local, state and federal governments.
The advisory committee endorsed industry-based recommendations in each of these three areas, including:
- Anti-Bot Code of Conduct: To reduce the threat of botnets in residential networks, CSRIC recommended a voluntary U.S. Anti-Bot Code of Conduct for Internet Service Providers (Anti- Bot Code). Under the Anti-Bot Code, ISPs agree to educate consumers about the botnet threat, take steps to detect botnet activity on their networks, make consumers aware of botnet infections on their computers, offer assistance to consumers whose computers are infected and collaborate with other service providers that have also adopted the Anti-Bot Code.
- DNS Best Practices: CSRIC recommended that ISPs implement best practices to better secure the Domain Name System. DNS works like a telephone book for the Internet, but lack of security for DNS has enabled spoofing, allowing Internet criminals to coax credit card numbers and personal data from users who do not realize they are on an illegitimate website. DNSSEC is a set of secure protocol extensions that prevent such fraudulent activity. This recommendation is a significant first step toward full DNSSEC implementation by ISPs and will allow users, with software applications like browsers, to validate that the destination they are trying to reach is authentic and not a spoofed website.
- IP Route Hijacking Industry Framework: CSRIC recommended an industry framework to prevent Internet route hijacking, which is the erroneous routing of Internet traffic through potentially untrustworthy networks. CSRIC recommended that ISPs work to implement new technologies and practices to reduce the number of these events, thereby ensuring that users in the U.S. can be more confident that their Internet traffic will not be exposed to scrutiny by other networks, foreign or domestic, through misrouting.