[LINK] The Coroneos iCode Meme Crosses the Pacific
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Sep 28 09:03:30 AEST 2011
Is an ISP code of conduct the best way to fight botnets?
By Sean Gallagher
Published 5 days ago (22 September 2011?)
http://arstechnica.com/business/news/2011/09/us-government-looks-to-fight-botnets-with-isp-code-of-conduct.ars
The Department of Homeland Security and National Institute of
Standards and Technology are looking to beat back the kudzu of spam
generators, distributed denial of service zombies, and other botnets,
and they want your cooperation - on a totally voluntary basis, of
course.
After a long and escalating string of high-profile attacks on
government and corporate sites using botnets like the Low Orbit Ion
Cannon, botnets are obviously high on DHS's "to-kill" list. But while
the government has had some success in attacking botnets directly, as
it did in April when the FBI went after the Coreflood botnet, McAfee
researchers estimate that the number of systems infected with botnet
malware is growing at an average of 4 million per month.
Rather than pushing for new regulations to require Internet service
providers to block botnet attacks, the agencies are looking to create
a voluntary "code of conduct" to govern how ISPs handle detecting and
dealing with them. In a cybersecurity "Green Paper" published in
June, the Department of Commerce's Internet Policy Task Force found
that one of the main barriers to cracking down on botnets was that
ISPs lack a mechanism for setting established common cybersecurity
practices. Rather than make ISPs responsible for directly dealing
with botnet infections, the approach being considered is to inform
users they've been hacked.
On Wednesday, NIST issued a request for information from companies in
what the agency has labeled the Internet and Information Innovation
Sector (I3S) to help define the approach of the code. The agencies
are also considering approaches such as the two-year-old draft
recommendations of the IETF on botnet remediation, and looking at
similar efforts overseas as models for the program.
One of those models is an Australian conduct code, initiated by
Australia's Internet Industry Association last year in the face of a
push for government regulation. Under Australia's iCode program, ISPs
redirect Web requests from systems suspected of having bot malware to
a website with tools to remove malware. Users discover their system
has been "disconnected" when they try to use their Web browser. The
iCode system now is in use by 30 ISPs in Australia, covering 90
percent of Internet users there.
Similar user-alert efforts are also underway in Japan and Germany,
though they take different approaches in notification. Japan's Cyber
Clean Center initiative uses "honeypot" machines installed at
participating ISPs to attract and detect botnet infection attempts
launched from users' systems. The ISPs then associate the IP
addresses of the attack sources and send notification e-mails to
their customers, as Cyber Clean Center's infographic below
illustrates.
[Image here:
http://static.arstechnica.net/2011/09/22/botnet-4e7b7a4-intro.jpg ]
One of the major questions DHS and NIST are looking to answer is who
ends up paying the tab for the US version of these programs and
provides the resource center that users are directed to: a private
entity, a public-private partnership, or a government agency-run
organization with some input from industry. There's also concern
about whether detection efforts might expose consumers' personally
identifiable information. And while the approaches in Australia,
Germany and Japan have focused on ISPs, NIST and DHS are trying to
determine whether operating system vendors and other service
providers should also be involved in a US anti-botnet program.
The public comment period on the information request ends November 4.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University