New Federal Report Gives Guidance on Beating Botnets

Published: 22/11/2024   Category: security




A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.



In May 2017, the Trump administration issued Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. Yesterday, one response to that order was made public as the secretaries of Commerce and Homeland Security jointly released A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats.
The report, at 51 pages, is a relatively concise look at the state of defense against botnets and similar threats. "Reports such as these are important in terms of being able to assess what the current state of cybersecurity is, what we're able to do, and what we need to be able to do about it," says Chris Pierson, CEO of Binary Sun Cyber Risk Advisors.
More than the specifics of the assessment, the level of the report is important, says Chris Wysopal, founder and CTO of CA Veracode. "This looks at the whole system development life cycle, from planning through end of life," he says. He argues that the level of conversation is critical because consumers buy products with gaping security holes — and will continue to do that until vendors make safe products an economic priority.
Five Goals
The report is based on five goals for improving security. The five broad goals are:
Goal 1: Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace.
Goal 2: Promote innovation in the infrastructure for dynamic adaptation to evolving threats.
Goal 3: Promote innovation at the edge of the network to prevent, detect, and mitigate automated, distributed attacks.
Goal 4: Promote and support coalitions between the security, infrastructure, and operational technology communities, domestically and around the world.
Goal 5: Increase awareness and education across the ecosystem.
The goals are important because they give guidance to a variety of stakeholders on which steps they should be taking to secure their systems and networks. The real question is whether any of those stakeholders will take meaningful action.
A History of Reports
"Look up the 2004 NIAC Hardening the Internet Report and Recommendations. About 80% of that report is reflected in this report," says Andy Ellis, CSO of Akamai. That isn't entirely a reflection on the skills or dedication of IT security professionals, though. "It's because a lot of the problems are really hard," explains Ellis.
"The issues are, what are the action items, who owns the action items, and what dollars are being put behind fixing them?" says Pierson. Now, he says, it's time to move forward. "Given 10 years of describing the risk, what are the low-hanging fruits, what are we going to do about it, and who's going to pay for it?"
At the federal level those questions are critical, given the just-released OMB Federal Cybersecurity Risk Determination Report and Action Plan, in which 71 of 96 federal agencies were shown to be at risk or at high risk for cybercrime issues. "We're talking about the bad things that are happening, but when are we going to talk about solving them? How do we solve them, when do we solve them, who solves them?" asks Pierson.
Steps Ahead
There's at least one step that would be direct, if not necessarily easy to implement. "The government could just change their procurement to follow the recommendations. That would incent vendors to change their practices if they wanted government business," says Wysopal.
"Everyone who's in the industry should read through the list and see what they can work on," says Ellis. As an example, he mentions the recommendation that education for every engineering and technical discipline have a cybersecurity component, instead of waiting until young professionals are in the field to begin their training on the subject.
Ultimately, though, Ellis sees real value in the process. "I think that the important thing is that this represents the work of a lot of groups that have come together. It's not a final product but part of a process to make things better," he says.
Pierson acknowledges the value of the process but has a stark assessment of the progress made so far. "It's 10 years later and we're still at the same place."