|
|
Monday, March 26, 2012
|
ISPs To Secure Their Communications Networks
|
|
You are sending an email that contains the article
and a private message for your recipient(s). |
| Your Name: |
|
| Your e-mail: |
* Required! |
| Recipient (e-mail): |
* |
| Subject: |
* |
| Introductory Message: |
|
HTML/Text
(Photo: Yes/No) |
(At the moment, only Text is allowed...)
|
| |
|
| Message Text: |
The Federal Communications Commission (FCC) unanimously adopted recommendations for voluntary action by Internet service providers (ISPs) to combat three major cyber security threats, including botnets, attacks on the Domain Name System (DNS), and Internet route
hijacking.
FCC Chairman Julius Genachowski applauded the public
commitments of many of the U.S.' largest ISPs to
implement these best practices.
The Communications, Security, Reliability, and
Interoperability Council (CSRIC) is a federal advisory
committee established to provide recommendations
regarding the security, reliability, and interoperability
of the U.S. communications system. Currently, CSRIC is
composed of more than 50 communications experts from the
private sector (including ISPs), public safety, consumer
organizations and tribal, local, state and federal
governments.
Chairman Genachowski said, "The recommendations approved
today identify smart, practical, voluntary solutions that
will materially improve the cyber security of commercial
networks and bolster the broader endeavors of our federal
partners."
CSRIC was tasked with developing measures for ISPs to
mitigate three major cyber threats: botnet attacks,
domain name fraud, and Internet route hijacking. Today,
the advisory committee endorsed industry-based
recommendations in each of these three areas, including:
- Anti-Bot Code of Conduct: To reduce the threat of
botnets in residential networks, CSRIC recommended a
voluntary U.S. Anti-Bot Code of Conduct for Internet
Service Providers (Anti-Bot Code). Under the Anti-Bot
Code, ISPs agree to educate consumers about the botnet
threat, take steps to detect botnet activity on their
networks, make consumers aware of botnet infections on
their computers, offer assistance to consumers whose
computers are infected and collaborate with other service
providers that have also adopted the Anti-Bot Code.
- DNS Best Practices: CSRIC recommended that ISPs
implement best practices to better secure the Domain Name
System. DNS works like a telephone book for the
Internet, but lack of security for DNS has enabled
spoofing, allowing Internet criminals to coax credit card
numbers and personal data from users who do not realize
they are on an illegitimate website. DNSSEC is a set of
secure protocol extensions that prevent such fraudulent
activity. This recommendation is a significant first
step toward full DNSSEC implementation by ISPs and will
allow users, with software applications like browsers, to
validate that the destination they are trying to reach is
authentic and not a spoofed website.
- IP Route Hijacking Industry Framework: CSRIC
recommended an industry framework to prevent Internet
route hijacking, which is the erroneous routing of
Internet traffic through potentially untrustworthy
networks. CSRIC recommended that ISPs work to implement
new technologies and practices to reduce the number of
these events, thereby ensuring that users in the U.S. can
be more confident that their Internet traffic will not be
exposed to scrutiny by other networks, foreign or
domestic, through misrouting.
Chairman Genachowski reiterated that privacy must not be
compromised for the sake of security. He also announced
that CSRIC is being tasked with preparing future
recommendations to ensure that the best practices
endorsed today will protect the privacy of Internet
users. Last month, Chairman Genachowski urged the
multi-stakeholder Internet community to find
industry-led, non-regulatory solutions to secure the U.S.
networks.
In response, several ISPs participating in CSRIC,
including AT&T, CenturyLink, Comcast, Cox, Sprint, Time
Warner Cable, and Verizon, pledged today to implement the
CSRIC recommendations. Other ISPs, such as T-Mobile,
have agreed to implement those recommendations that apply
to their network architecture. |
|
|
|
|