Governments around the world are starting to pay attention to botnets and the damage they can inflict. Recently the Chairman of the US Federal Communications Commission (FCC), Julius Genachowski, called for action to address the bot problem and improve Internet security.
“For the average consumer, the consequences can be equally devastating,” Genachowski said. “Bots are used to relay massive amounts of spam. Bots can be used to steal passwords and financial information, putting an individual’s identity at risk.”
The chairman called on ISPs to increase customer awareness about botnets and how they can spot an infected machine. “I’m calling on all ISPs, working with other stakeholders, to develop and adopt an industry-wide Code of Conduct to combat the botnet threat and protect the public,” Genachowski said.
He pointed to Comcast and CenturyLink, which have implemented bot mitigation measures: “If other ISPs employed similar best practices, it could significantly reduce the botnet threat,” the Chairman said, “…ISPs can play a significant role in the battle against botnets. They can increase customer awareness so that users can look for signs that their computers are being used as bots, detect infections in customers’ computers, notifying customers when their computers have become infected, and offer remediation support. Of course, ISPs can and must do this in a way that does not compromise consumers’ privacy.”
The FCC Chairman’s proposal for a voluntary Code of Conduct is a great alternative to formal government mandates that force ISPs to comply with “one size fits all” regulations. Service providers have a far better understanding of which security technologies offer them the most leverage given the unique requirements of their customers and networks.
A voluntary approach also lets providers reconcile the disparate objectives driving their business – reducing operations costs, differentiating, and improving agility – rather than being constrained by mandated point solutions that will quickly become obsolete in the face of extremely fast-changing problems. Done right, they can adopt platform-oriented strategies that potentially even allow them to address other business priorities like increasing subscriber loyalty.
Voluntary approaches have been adopted elsewhere. In Australia, the Internet Industry Association (IIA) adopted a voluntary Code of Practice to combat botnets several years ago. In Germany, eco, another Internet industry association, worked with government on a botnet mitigation initiative. This could become a common model worldwide and deter costly regulatory mandates.
As bots and the problems they cause become more apparent to the average person, Internet users are going to look to their ISPs for help. Providers have a great opportunity to demonstrate leadership while reinforcing their commitment to subscribers and removing a liability that can adversely impact their networks. Security will become part of their brand equity, leading to an enlightened strategy that incorporates other business-enhancing initiatives.