The White House pushed cybersecurity back into the forefront this week by taking a stand with key industry groups against one of the most significant threats to our IT infrastructure: botnets.
Botnets -- networks of computers infected by viruses that allow hackers to control and monitor information without the users' knowledge -- have infected nearly five million computers around the world, according to Business Software Alliance president and CEO, Robert Holleyman.
"This undermines the Internet economy by eroding users' trust and confidence in cyberspace," he said.
To combat this growing threat, the White House announced a partnership between U.S. government agencies, including the Department of Homeland Security, and a group of nine trade associations and nonprofits called the Industry Botnet Group, or IBG.
"We have a shared responsibility to commit resources and address the growing threats from botnets, which threaten to undermine the digital economy," said Craig Spiezle, executive director and president of Online Trust Alliance, a member of IBG.
As a first step to this new cybersecurity effort, officials unveiled IBG's Nine Principles to Reduce the Impact of Botnets in Cybersecurity.
According to IBG, these principles are intended to support voluntary efforts in the private sector that aim to allow the IT industry to respond quickly and effectively to cyber threats. They do not, however, prescribe any particular means or method to do so, which allows for great flexibility over a wide range of participants and business models.
"Preserving online trust and confidence needs to be a priority," said Spiezle. "The broad adoption of the Industry Botnet Group principles is an important step towards protecting the Internet."
IBG's Nine Principles to Reduce the Impact of Botnets in Cybersecurity
- Share cyber responsibilities: Participants should employ reasonable technologies and sound practices, appropriate in the context of their business, to thwart the effectiveness of botnets across the phases of the lifecycle: prevention, detection, notification, remediation and/or recovery.
- Coordinate across sectors: To better analyze, prevent and combat threats, participants should share information about botnet incidents and other malicious activities among public, private, and non-profit stakeholders.
- Confront the problem globally: Cybersecurity, and specifically the proliferation of botnets and malware, is a global problem requiring global attention, and participants should foster greater cooperation and cross-border collaboration between and among industry and government.
- Report lessons learned: In the appropriate manner and context, participants should share lessons learned, particularly their view of the effectiveness of various tactics, technologies, sound practices and other tried measures to thwart the effectiveness of botnets across the lifecycle.
- Educate users: Participants should make available access to resources to help educate customers to defend against and remediate from infections by botnets and malware, and to illustrate the relationship between staying safer online and making the Internet more secure for everyone.
- Preserve flexibility: There is no single solution to address the dynamic threat of botnets and malware and efforts should remain flexible, allowing participants to undertake activities as appropriate to their core competencies, resources, and customer needs.
- Promote innovation: Efforts to reduce the impact of botnets and malware should promote innovation and support the inclusion of new technologies, strategies, approaches, and participants to better combat threats and protect customers.
- Respect privacy: While working to further trust and confidence online, participants should address privacy and security in the appropriate manner and abide by applicable laws and practices.
- Navigate the complex legal environment: Barriers to addressing cyber threats may exist in today's complex global legal and regulatory environment, and any initiatives undertaken by participants to reduce the impact of botnets should comply with applicable laws and regulations.