FCC, NIST leading fight against 'zombie armies'

Friday - 3/23/2012, 5:15am EDT

Botnets are plaguing the Internet. Experts estimate one in 10 computers is infected by malware or a virus that lets bad actors take control of the system and use it to steal information or attack other networks.

Botnets, or zombie armies, are not new, but the increased sophistication of the technology and the widespread use of online services are causing the Federal Communications Commission and the National Institute of Standards and Technology to become more aggressive in stopping them.

The FCC and NIST are teaming with commercial Internet Service Providers (ISPs) on a new Industry Botnet Group (IBG) to help stem the flow of attacks. With more than 80 percent of all federal networks depending on commercial ISPs, the attention to preventing or remediating botnet attacks crosses private and public sectors.

"A botnet infection can lead to monitoring of the consumer's personal information and communications, and also to exploitation of that consumer's computing power and Internet access," said Miriam Perlberg, a senior director for cybersecurity policies on the White House's National Security Staff, Thursday during a meeting of the FCC's Communications, Security, Reliability and Interoperability Council in Washington. "Researchers suggest an average of about 4 million new botnet infections occur each new month. The vast majority of botnet attacks occur by using our own computers and our own computing resources to compromise our own infrastructure."

Perlberg added botnets damage the economy by increasing the price of doing business and threatening individual privacy.

She said the IBG would focus on four areas:

  • Develop high-level principles for addressing botnets.

  • Develop a strategy to increase public awareness on botnets and related malware, including a focus on prevention and remediation.

  • Use consumer-focused information tools and resources to prevent and remediate botnet infections.

  • Identify inventory measurement standards by collecting progress reports on the botnet environment, the effects of education and the health of the ecosystem.

"These goals draw on the expertise from the widest range of players, led by the private sector, only bringing in government to partner as needed on items like education, consumer privacy and key safeguard," Perlberg said.

The IBG grew from a request for information NIST issued in September asking for possible requirements and approaches to creating a voluntary code of conduct to address the detection, notification and mitigation of botnets.

NIST will conduct a botnet workshop May 30 in Gaithersburg, Md., to further the discussion about identifying available and needed technologies and tools to recognize, prevent and remediate botnets. The workshop also will explore current and future efforts to develop botnet metrics and methodologies for measuring and reporting botnet metrics over time. Additionally, it will help NIST understand where ecosystem stakeholders are in terms of roles and responsibilities.

New recommendations for ISPs

Along with the new Industry Botnet Group, the FCC's Communications, Security, Reliability and Interoperability Council approved plans for a voluntary set of standards for ISPs to deal with botnets.

Mike O'Reirdan of the Messaging Anti-Abuse Working Group is the chairman of the working group that developed the report and recommendations. He said the recommendations have five major objectives, including encouraging ISPs to work with customers to help them understand how to make their systems more secure.

The working group also wants service providers, such as AT&T, Verizon, CenturyLink and Comcast, to get involved in detecting botnets on their networks and to notify end users of infections. Most of all, the report recommends ISPs work together more closely.

"An awful lot of the good work that has been done on things like spam has been done because of collaboration and sharing," O'Reirdan said. "That is the most effective way. The Internet is a collaborative environment, and for us to actually deal with this problem, we need to deal with it in a collaborative manner."

He emphasized the code of conduct is voluntary, technology neutral and doesn't prescribe any particular approach.

Julius Genachowski, chairman of the FCC, said many of the major ISPs already have implemented many of the standards called for in the report.

"The work of [the council] that you are all here today for is the FCC's most significant effort yet to enhance cybersecurity," he said. "We called on you to develop cybersecurity solutions, real steps that materially will enhance our security and to do it in a way that preserves the ingredients that have and will fuel the Internet's growth and success."

Genachowski said the multi-stakeholder approach works best to figure out the best ways to solve problems.