[LINK] The Coroneos iCode Meme Crosses the Pacific

Roger Clarke Roger.Clarke at xamax.com.au
Wed Sep 28 09:03:30 AEST 2011 

Is an ISP code of conduct the best way to fight botnets?
By Sean Gallagher
Published 5 days ago (22 September 2011?)
http://arstechnica.com/business/news/2011/09/us-government-looks-to-fight-botnets-with-isp-code-of-conduct.ars

The Department of Homeland Security and National Institute of 
Standards and Technology are looking to beat back the kudzu of spam 
generators, distributed denial of service zombies, and other botnets, 
and they want your cooperation-on a totally voluntary basis, of 
course.

After a long and escalating string of high-profile attacks on 
government and corporate sites using botnets like the Low Orbit Ion 
Cannon, botnets are obviously high on DHS's "to-kill" list. But while 
the government has had some success in attacking botnets directly, as 
it did in April when the FBI went after the Coreflood botnet, McAfee 
researchers estimate that the number of systems infected with botnet 
malware is growing at an average of 4 million per month.

Rather than pushing for new regulations to require Internet service 
providers to block botnet attacks, the agencies are looking to create 
a voluntary "code of conduct" to govern how ISPs handle detecting and 
dealing with them. In a cybersecurity "Green Paper" published in 
June, the Department of Commerce's Internet Policy Task Force found 
that one of the main barriers to cracking down on botnets was that 
ISPs lack a mechanism for setting established common cybersecurity 
practices. Rather than make ISPs responsible for directly dealing 
with botnet infections, the approach being considered is to inform 
users they've been hacked.

On Wedesday, NIST issued a request for information from companies in 
what the agency has labeled the Internet and Information Innovation 
Sector (I3S) to help define the approach of the code. The agencies 
are also considering approaches such as the two-year-old draft 
recommendations of the IETF on botnet remediation, and looking at 
similar efforts overseas as models for the program.

One of those models is an Australian conduct code, initiated by 
Australia's Internet Industry Association last year in the face of a 
push for government regulation. Under Australia's iCode program, ISPs 
redirect Web requests from systems suspected of having bot malware to 
a website with tools to remove malware. Users discover their system 
has been "disconnected" when they try to use their Web browser. The 
iCode system now is in use by 30 ISPs in Australia, covering 90 
percent of Internet users there.

Similar user-alert efforts are also underway in Japan and Germany, 
though they take different approaches in notification. Japan's Cyber 
Clean Center initiative uses "honeypot" machines installed at 
participating ISPs to attract and detect botnet infection attempts 
launched from users' systems. The ISPs then associate the IP 
addresses of the attack sources and send notification e-mails to 
their customers, as Cyber Clean Center's infographic below 
illustrates.

[Image here: 
http://static.arstechnica.net/2011/09/22/botnet-4e7b7a4-intro.jpg ]

One of the major questions DHS and NIST are looking to answer is who 
ends up paying the tab for the US version of these programs and 
provides the resource center that users are directed to: a private 
entity, a public-private partnership, or a government agency-run 
organization with some input from industry. There's also concern 
about whether detection efforts might expose consumers' personally 
identifiable information. And while the approaches in Australia, 
Germany and Japan have focused on ISPs, NIST and DHS are trying to 
determine whether operating system vendors and other service 
providers should also be involved in a US anti-botnet program.

The public comment period on the information request ends November 4.


-- 
Roger Clarke                                 http://www.rogerclarke.com/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list