In a blog post, Charney said that the international community needs to go on the offensive in combating criminal elements that use viruses on the internet. Simply playing defense is no longer working.
The international community should undertake “vaccination” efforts against computer viruses the way health organizations undertake vaccination campaigns against human viruses Charney wrote. Those computers that are not vaccinated pose a risk of epidemic to the internet society.
“Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society. In the physical world, international, national, and local health organizations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others. Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk. To realize this vision, there are steps that can be taken by governments, the IT industry, Internet access providers, users and others to evaluate the health of consumer devices before granting them unfettered access to the Internet or other critical resources,” he added.
In a paper presented at the International Security Solutions Europe (ISSE) Conference in Berlin, Charney called for a collective defense effort on the part of the international community to fight viruses on the internet.
Charney laid out a number of principles of his collective defense of the internet vision:
- The risk that botnets present to internet users and critical infrastructures must be addressed.
- Collective defense can and should be used to help improve the security of consumer devices and protect against such cyber threats.
- A public health model can empower consumers and improve internet security.
- Voluntary behavior and market forces are the preferred means to drive action, but if these means fail, governments should ensure these concepts are advanced.
- Privacy concerns must be carefully considered in any effort to promote internet security by focusing on device health.
“The rate of growth of the information society, the sophistication of threats targeting users, and the potential consequences of consumer devices being directed towards critical infrastructures requires new thinking and new collective action by the Internet community. We cannot expect consumers to become security experts, but if we think about how the public health model helps consumers to understand when they are ill and when they should get treated, we can come up with relevant concepts that are applicable to Internet security,” he concluded.