The Departments of Homeland Security and Commerce released on May 30, 2018, their report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats ("Report"). The Report, which responds to the President's May 11, 2017, cybersecurity Executive Order, comes a week after the FBI issued a warning about a sophisticated botnet that infected home networks worldwide. It concludes that the challenges in reducing botnets and other distributed threats targeting the internet of things ("IoT") can be summarized around six basic themes:
Distributed attacks are a global problem, with many of the compromised devices located outside the United States. Although effective tools to combat botnets exist, they are not widely used during product development and deployment. Security challenges arise at all stages of a product's lifecycle, from initial deployment to vulnerabilities that require patching to continued use after vendor support ends. Consumers and some enterprise users often are unaware that their devices may play a role in botnet attacks and do not understand how to use available controls. Market incentives motivate manufacturers and vendors to minimize cost and time to market, often at the expense of security. Addressing distributed attacks is a challenge for the entire ecosystem, and no single actor can adequately protect against them. The Report calls on the government, industry, and users to collaborate on investments and actions to mitigate this threat. It recommends 24 actions, which include establishing international standards for the security of IoT devices; wider adoption of tools to reduce the incidence of vulnerabilities in commercial software; expanded information-sharing of actionable threat information among internet service providers, the government, and other stakeholders; development of best practices for traffic management; and increasing awareness through mechanisms such as product labeling.
The Departments of Homeland Security and Commerce commit to developing, in coordination with industry and international partners, an initial road map to prioritize actions and then to support implementation of that road map by fostering private-sector leadership and coordination and helping to lead international engagement.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.