Industry Weighs in on How the Government Can Fight Botnets

Government technologists must develop more partnerships with the private sector and flesh out security guidelines to stop botnets from knocking websites and networks offline, cybersecurity experts said.

Cyber policy experts and telecommunications and technology trade groups weighed in on a draft report outlining the government’s plans to reduce cyber threats from internet-connected devices.

The growing number of such devices worldwide has raised fears about cybersecurity and personal privacy. Online bad actors are increasingly hacking and harnessing those devices en masse for large distributed denial-of-service attacks that can knock websites and services offline by overwhelming them with bunk traffic.

In the report, Commerce, Homeland Security and other federal agencies outlined five major goals to mitigate the threat of distributed attacks: strengthen the intrinsic security of software and devices, bolster infrastructure, improve network protections, build partnerships with global tech communities, and increase cybersecurity education and awareness.

While experts largely agreed with the government’s broad goals, they each highlighted certain areas that have particular bag for the buck.

U.S. Telecom, a trade organization for telecommunications groups, stressed the need for agencies to bring companies together to find ways to “share responsibility” in addressing attacks. The administration should also work with industry to improve software security and coordinate efforts with other governments, they said.

“The gross shortfall in investment in the parts of the government that support industry-driven cybersecurity processes and industry-government collaboration constitutes a long-term threat to our national security,” U.S. Telecom said in its comment. “The government should invest in sufficient structural support for these private sector efforts.”

BSA | The Software Alliance emphasized the importance of building protection straight into software and devices to keep them from being co-opted by online bad actors. The group also recommended feds avoid “across-the-board” standards for securing internet-connected devices, as different systems carry a wide array of vulnerabilities and risks.

In their comment, the Coalition for Cybersecurity Policy and Law included a full framework to prevent DDoS and botnet attacks based on existing guidelines from the National Institute for Standards and Technology for security cyber infrastructure. In addition to detailing ways to bolster systems against attacks, the framework outlines steps to detect, respond and recover from them.

The report responds to a directive in President Donald Trump’s executive order on cybersecurity. The Commerce and Homeland Security departments must submit a final report to the White House by May 11.