The cybersecurity measures were recommended this week by the Communications, Security, Reliability, and Interoperability Council (CSRIC), an advisory body to the Federal Communications Commission. ISPs that are members of the CSRIC – including AT&T, CenturyLink, Comcast, Cox, Sprint, Time Warner Cable, and Verizon – agreed to put the measures into practice.
To combat botnets, the ISPs agreed to adopt a code of conduct, which includes educating consumers about the botnet threat, taking steps to detect botnet activity on their networks, notifying and assisting consumers when their computers have been compromised by botnets, and collaborating with other ISPs to thwart botnets.
To prevent DNS attacks, the ISPs agreed to implement DNSSEC, a set of secure protocol extensions that prevent fraudulent activity, such as DNS spoofing that enables criminals to steal credit card information and other personal data from victims who visit fraudulent websites. DNSSEC applies digital signatures to DNS data to authenticate the data's origin and verify its integrity as it moves throughout the internet.
To thwart internet route hijacking, ISPs agreed to implement new technologies and practices to reduce the incidents of internet trafficking being routed through untrustworthy networks.
The CSRIC is composed of more than 50 communications experts from the private sector, including ISPs, internet companies, and trade associations, as well as public safety agencies, consumer organizations, and tribal, local, state and federal governments.
Craig Spiezle, president of CSRIC member Online Trust Alliance (OTA), said that the measures recommended by the council are the “floor, not the ceiling” for companies to meet in order to secure the internet.
Spiezle, who is a voting member of the CSRIC, told Infosecurity that the botnet issue is the most pressing of the three areas for companies to address. “The most meaningful today is…the proliferation of bots, which then become distribution networks for malware, keystroke loggers, and other online malicious activity”, he stressed.
Based on OTA analysis and initial ISP self-reporting, approximately 29% (or 23 million) of the 81 million US households who have broadband service are realizing added protection from ISPs who have adopted the anti-bot code of conduct.
“We all have a shared responsibility, consumers and businesses, to patch machines and keep them up-to-date. Up to 90% of the breaches are the result of unpatched machines. ISPs have an opportunity to exert leadership” in this area, Spiezle concluded.