Sign in with
Sign up | Sign in

FCC Urges ISPs to Take More Active Role in Cybersecurity

By - Source: Gov Info Security | B 8 comments

In a speech given at the Bipartisan Policy Center on February 22, FCC Chairman Julius Genachowski called on Internet service providers to take a more active role in cybersecurity while appearing to defend the principles of an open Internet. Singling out domain name fraud, IP hijacking and botnets, he urged what he termed "Internet stakeholders" to deal with these threats more aggressively.

"Today, I’m calling on all ISPs, working with other stakeholders, to develop and adopt an industry-wide Code of Conduct to combat the botnet threat and protect the public," Genachowski said. "This Code of Conduct would be a major step forward and a significant complement to the [Obama] Administration’s broader efforts." Genachowski suggested that "Consumer education is a key piece of the solution" to these threats. "ISPs can play a significant role in the battle against botnets." he said. "They can increase customer awareness so that users can look for signs that their computers are being used as bots, detect infections in customers’ computers, notifying customers when their computers have become infected, and offer remediation support."

Genachowski's suggestions for dealing with IP hijacking were more extensive. "I strongly urge ISPs to support the development of secure routing standards and plan to implement them when they are ready," he said. "Costs of implementation can be minimized by putting in place the new technical standards during routine hardware and software upgrades." Naturally, the speech was short on technical data, so it is unclear whether Genachowski is aware of any specific means of implementing such standards absent federal mandate. Still, pointing out an event in 2010 when "15% of the world’s Internet destinations was diverted through Chinese servers for approximately 18 minutes," he noted, vaguely, that the benefits of preventing such unauthorized rerouting would be "enormous".

To combat domain name fraud, Genachowski cited security extensions to the Domain Name System developed by the Internet Engineering Task Force, the Domain Name System Security Extensions, or DNSSEC. Though DNSSEC still experiences the so-called zone enumeration issue that forces exposure of information previously kept private, Genachowski notes it has already been adopted widely by government entities and that "DNSSEC is ready to be implemented" in the private sector.

Genachowsk's remarks also covered the issue of privacy and an open Internet. "Privacy is a similarly important principle," he said. "There are some who suggest that we should compromise privacy to enhance online security.  This too is a false choice.  Privacy and security are complementary – both are essential to consumer confidence and adoption of broadband.  We can and must improve online security while protecting individuals’ privacy." Though vague, these remarks suggest that the Obama Adminstration remains unwilling to revisit SOPA and PIPA. Even if his remarks on privacy are suspiciously similar to those made when he refused to stake out a position on SOPA, it indicates one less headache for those now focusing energies on combating ACTA.

Discuss
Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
  • 5 Hide
    COLGeek , February 24, 2012 1:13 PM
    This should provide for some entertaining discussions......
  • 3 Hide
    davewolfgang , February 24, 2012 1:38 PM
    So let's "Suggest" (Force) you private companies to do this stuff that the courts have ALREADY told us we aren't allowed to do....Oh, your licenses are up for renewal and you haven't done as we've "suggested"......

    NO!
  • 1 Hide
    in_the_loop , February 24, 2012 4:08 PM
    This is going in the direction of forcing people to specify the real adress/name information when doing the domain registration. There are proposals of a new whois system, where all information about a URL is exposed (so no "rogue" websites can hide behind anonymous ip;s). That is, you won't get a new URL, unless you register with the correctly identifiable information that ties and individual/company to a certain ip.
    That would be a big blow for anonymity!
  • Display all 8 comments.
  • 2 Hide
    Anonymous , February 24, 2012 4:59 PM
    The issue here has nothing to do with anonymity. The issue is once again the FCC just doesn't understand the internet and wants someone else to fix the issue that lies with the hosting servers / network.

    Government websites keep going down because of DDoS' so we must have the middleman fix it by buying very expensive deep packet inspectors and stop it there. Guess what in order to do that the ISP will pass along the charges to the customers saying they have no choice.

    The real issue is that you have people that are most likely higher end managers that have no idea what really needs to be done to protect their own servers even though its pretty simple.

    The attacks really break down into 2 categories, 1 is automated (such as DDoS / Script Kiddies) and the second is actual hackers.

    The 1st type is very easy to protect against, you just properly setup your network and hire programmers and system admins who know what they are doing. If you hire the correct people you get rid of sql injections (the #1 attack used by script kiddies). If you put the correct DDoS mitigation hardware in, no more DDoS', imagine that. Since the govt seems to be inept on how to do this, ask Amazon. Remember when they attacked amazon, not a single thing was disrupted. No slowness, no downtime.

    For #2, there is nothing that ISP's can do to stop it anyways. Any protections they put in the people who know what they are doing will get around. All the govt can do is hire people that know what they are doing, get rid of the middle management bs and let them do their job.

    Asking us to pay the ISP's more to protect govt assets is asinine.
  • -2 Hide
    d-isdumb , February 24, 2012 7:37 PM
    Who is in charge right now in DC. Thats right, the left are a bunch of Fascist liars who always say it's the Republicans when i reality it's the Demorats who want big brother government.
  • 0 Hide
    Anonymous , February 24, 2012 7:44 PM
    If an industry needs Government to protect the value of its products- it shouldn't exist. Movie theaters erect ticket booths to exclude non-payers, they kick you out if you have a video camera, etc. Let Internet companies design their own "ticket booths," lets not lack faith in the free market and allow the Government to start erecting walls to create scarcity instead of the free market creating value where there ought to be value. Senator Orrin Hatch wants to blow up our computers without due process, check the story: http://www.dethronehatch.com/orrin-hatch-is-no-friend-of-the-internet/
  • 0 Hide
    maxwebb , February 26, 2012 12:48 PM
    what a joke. before they opened their mouths to speak they should have had a tangible thought. the first order of logic should be... is what they are doing technically illegal? hijacking, botnets, blah blah blah. where exactly are the laws that state that this conduct is illegal to begin with? as an example, if you live in america and get hit with a DoS attack, its perfectly legal... unless those who are attacked are a financial institution or the government ( http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act ) ... the general understanding is that these internet 'crimes' are not really crimes at all if they are committed against a citizen (okay, maybe some).

    i would highly suggest to create legislation to make digital crimes illegal first, then complain to the ISPs and everyone else to assist in enforcing them.
  • 0 Hide
    Hansy , March 1, 2012 4:45 AM
    It regulates interstate and international communications by radio, television, wire, satellite and cable.
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter