FCC Urges ISPs to Take More Active Role in Cybersecurity
In a speech given at the Bipartisan Policy Center on February 22, FCC Chairman Julius Genachowski called on Internet service providers to take a more active role in cybersecurity while appearing to defend the principles of an open Internet. Singling out domain name fraud, IP hijacking and botnets, he urged what he termed "Internet stakeholders" to deal with these threats more aggressively.
"Today, I’m calling on all ISPs, working with other stakeholders, to develop and adopt an industry-wide Code of Conduct to combat the botnet threat and protect the public," Genachowski said. "This Code of Conduct would be a major step forward and a significant complement to the [Obama] Administration’s broader efforts." Genachowski suggested that "Consumer education is a key piece of the solution" to these threats. "ISPs can play a significant role in the battle against botnets." he said. "They can increase customer awareness so that users can look for signs that their computers are being used as bots, detect infections in customers’ computers, notifying customers when their computers have become infected, and offer remediation support."
Genachowski's suggestions for dealing with IP hijacking were more extensive. "I strongly urge ISPs to support the development of secure routing standards and plan to implement them when they are ready," he said. "Costs of implementation can be minimized by putting in place the new technical standards during routine hardware and software upgrades." Naturally, the speech was short on technical data, so it is unclear whether Genachowski is aware of any specific means of implementing such standards absent federal mandate. Still, pointing out an event in 2010 when "15% of the world’s Internet destinations was diverted through Chinese servers for approximately 18 minutes," he noted, vaguely, that the benefits of preventing such unauthorized rerouting would be "enormous".
To combat domain name fraud, Genachowski cited security extensions to the Domain Name System developed by the Internet Engineering Task Force, the Domain Name System Security Extensions, or DNSSEC. Though DNSSEC still experiences the so-called zone enumeration issue that forces exposure of information previously kept private, Genachowski notes it has already been adopted widely by government entities and that "DNSSEC is ready to be implemented" in the private sector.
Genachowsk's remarks also covered the issue of privacy and an open Internet. "Privacy is a similarly important principle," he said. "There are some who suggest that we should compromise privacy to enhance online security. This too is a false choice. Privacy and security are complementary – both are essential to consumer confidence and adoption of broadband. We can and must improve online security while protecting individuals’ privacy." Though vague, these remarks suggest that the Obama Adminstration remains unwilling to revisit SOPA and PIPA. Even if his remarks on privacy are suspiciously similar to those made when he refused to stake out a position on SOPA, it indicates one less headache for those now focusing energies on combating ACTA.