Homeland Security, Cybercrime and terrorism, part 2

I started rambling in my previous post about the article in Forbes.  I had something else to say and I am adding it here. 

The government and industry are changing.  Government used to have a laissez-faire attitude towards botnets and malware but now they realize that they need to partner together.  New initiatives have sprung up in the past year.  Continuing on in the article:

Not surprisingly, the industry has been strongly advocating for a voluntary approach. Shortly after the Department of Commerce issued a request for information about botnets in September 2011, a group of trade associations and nonprofit organizations founded an alliance they dubbed the Industry Botnet Group.

In March, another group called the Communications Security, Reliability and Interoperability Council, which exists to provide recommendations to the Federal Communications Commission, issued a “U.S. Anti-Bot Code of Conduct for Internet Service Providers.”

Michael O’Reirdan, who chaired both the CSRIC antibot working group and is chair of the Messaging Anti-Abuse Working Group (MAAWG)…

Michael O’Reirdan? Hey, I know that guy!

… said that the aim of the code was to “strongly encourage” the ISPs to do something about bots.

The code, which is voluntary, reflects the ISPs’ view that botnets are a collective problem. The code is technology neutral and doesn’t specify any particular approach to solving the problem. These same elements were reflected in a set of nine voluntary principles embraced by the Industry Botnet Group and the Obama administration.

I wrote about these nine principles in this post here: White House announces anti-botnet initiative.

“Spam was a horrible problem,” O’Reirdan pointed out in an interview with Forbes.com. “Everyone was worried that spam would overpower the Internet. Today, if you are an end user with a reasonable-sized ISP, you don’t really think about spam at all because the ISPs are going to handle it.

“The ISPs spend a lot of money on software, on hardware and on human resources to fight against spam,” he added. “The net result is not a lot of spam gets through to the customer.”

Like spam, most people believe that botnets will become a manageable problem, once the industry steps up and finds the resources to address it.

This is possibly true.

One of the reasons we have botnets and spam today is because the protocols underlying the Internet are not secure.  During the Kevin Mitnick presentation last week, someone commented that during the 1980s, everything (i.e., technology) was open and therefore was easy to exploit.  Nowadays it’s closed and the theme of the day is Security.

That’s true. It doesn’t tell the whole story, though. There are plenty of examples of closed systems being abused (e.g., Twitter, Facebook).

However, the advantage we have today is that tech companies can look back at what worked in the past (everybody communicating), and what didn’t work (spam, botnets).  Now we have the chance to define the next generation of services and protocols and build security into them.  Thus, the opportunity for collaboration is here, and that’s where government comes in handy – telling private industry to get their acts together and fix the problem, and make sure it doesn’t happen again.

So yes, we have a problem.  But we are also working hard to fix it.

And we did do a pretty good job at making spam manageable.