Commerce Seeks Input on Fighting Botnets

fatmawati achmad zaenuri/

The request follows an executive order focused partly on fighting the armies of zombie computers.

The Commerce Department is asking for public input on what the government should do to combat cyberattacks launched by armies of infected computers.

The request follows a May executive order that directed the Commerce and Homeland Security departments to lead “an open and transparent process” to organize tech companies and other stakeholders to help secure the internet against the automated and distributed attack groups known as botnets.

The botnet section was among the most tendentious portions of the otherwise noncontroversial executive order when it was in draft form. Industry was concerned the government might place additional mandates on businesses.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The final draft of the order imposed no mandates but left open the possibility for additional executive action. The order requires a final report on anti-botnet efforts from DHS and Commerce within one year.

Monday’s request from Commerce’s National Telecommunications and Information Administration seeks input on laws, policies and technology that are currently useful in combating botnets, what gaps exist in technology, policy or legislation and what role the federal government should play in future efforts.

Commerce is also seeking feedback on how the inherently global nature of the internet and technology supply chains affects botnet mitigation efforts.

Botnets can be employed in distributed denial-of-service campaigns, such as the 2016 Mirai attack that used computing power from unsecured internet of things devices and briefly overwhelmed the websites for Netflix, The New York Times and other major sites.

Hackers also used the Mirai botnet to undermine some defenses against the recent WannaCry ransomware campaign, the request notes.  

“It is difficult to predict what the next significant attack vector will be, but that should not preclude taking steps to mitigate the potential impact of those that are known,” the request states.

Commenters have 30 days to respond to the Commerce request.