US Internet service providers should take new steps to protect subscribers against cyberattacks, including notifying customers when their computers are compromised, the chairman of the US Federal Communications Commission said Wednesday.
FCC Chairman Julius Genachowski called on ISPs to notify subscribers whose computers are infected with malware and tied to a botnet and to develop a code of conduct to combat botnets. Genachowski also called on ISPs to adopt secure routing standards to protect against Internet Protocol hijacking and to implement DNSSEC, a suite of security tools for the Internet's Domain Name System.
If ISPs don't take these steps, they will risk a backlash from subscribers who have lost trust in online commerce, Genachowski said in a speech at the Bipartisan Policy Center, a Washington, D.C., think tank.
Botnets, IP hijacking, domain name fraud - all big problems
"The cyberthreat is growing," he said. "If we fail to tackle these challenges, we will pay the price in the form of diminished safety, lost privacy, lost jobs and financial vulnerability - billions of dollars potentially lost to digital criminals."
The problems of botnets, IP hijacking and domain name fraud, and potential solutions, were priorities identified by the FCC's Communications Security, Reliability and Interoperability Council and other participants, Genachowski said.
The steps recommended by Genachowski are voluntary, not government mandates, the FCC said. Genachowski emphasised a "multi-stakeholder process" involving ISPs, cybersecurity experts and other groups to deal with cybersecurity challenges. This collaborative approach "continues to be the best approach for securing our networks while preserving the Internet as an open platform for innovation and communication," he said.
ISPs can help battle botnets by detecting infections on subscribers' computers and notifying them of the problems, he said. Botnets, often used to launch cyberattacks, can control millions of computers, he said. "Botnets have been central to a very large percentage of the website crashes you've heard of, and that you haven't," he said.
To fight IP hijacking, ISPs should support the development of secure routing standards and implement them when ready, Genachowski said. The cost of implementation can be minimized by putting the standards in place during routine hardware and software upgrades, he said.
More ISPs should be adopting practices like DNSSEC
DNSSEC, developed by the Internet Engineering Task Force, can help prevent domain name fraud, "but adoption in the private sector has been slow," Genachowski added. One major US ISP has implemented DNSSEC, and Genachowski called on others to do so.
ISP Comcast said it supports the FCC in calling for industry-led solutions to cybersecurity problems. Comcast will continue to work with the FCC and other groups on cybersecurity, Kyle McSlarrow, president of Comcast/NBCUniversal's Washington operations, wrote in a blog post.
"Comcast agrees with Chairman Genachowski that protecting American consumers, businesses and governments from cybersecurity threats should be a global priority," McSlarrow wrote. "To be effective, everyone who is a part of the Internet ecosystem must play a meaningful role in ensuring that private and government networks, and personal computers and devices are secured."
The American Cable Association, representing small and medium-sized ISPs, praised Genachowski for "emphasizing the need for the development of practical solutions" to minimise cybersecurity threats.