Genachowski Pushes for Cybersecurity Code of Conduct

Plugged voluntary, multi-stakeholder model as the best way to respond to and prevent cybersecurity threats

By John Eggerton -- Broadcasting & Cable, 2/22/2012 1:41:57 PM

FCC Chairman Julius Genachowski called for an industrywide cybersecurity code of conduct Wednesday.  That came in remarks on cybersecurity at the Bipartisan Policy Center in Washington.

He put in a plug for the voluntary, multi-stakeholder model as the best way to respond to and prevent cybersecurity threats, giving a shout-out to Comcast and CenturyLink for taking the lead in informing computer users about potential threats without compromising privacy.

That model, "which recognizes that almost all of our broadband infrastructure is owned and operated by the private sector," he said, "has worked throughout the Internet's history to address key challenges.

And it continues to be the best approach for securing our networks while preserving the Internet as an open platform for innovation and communication."

Genachowski said that FCC staff estimates of the costs of cybercrimes were at a minimum in the tens of billions of dollars annually, "and growing."

But he called on those broadband stakeholders to take steps to address three key threats: botnets, domain name fraud and IP hijacking. But he also said any efforts to combat those threats must respect Internet openness and privacy.

Genachowski said ISPs should increase customer awareness of bots, which carry viruses to their computers, but without compromising privacy in the process. He said if more ISPs followed the leads of Comcast and CenturyLink "it could significantly reduce the botnet threat."

In fact, he went further that making suggesting it. "Today, I'm calling on all ISPs, working with other stakeholders, to develop and adopt an industry-wide Code of Conduct to combat the botnet threat and protect the public," he said. "This Code of Conduct would be a major step forward and a significant complement to the Administration's broader efforts against botnets." 

He also called on network operators to better secure their routers via technical standards, and gave a shout out for private industry adoption of the DNSSEC domain name security system developed by the Internet Engineering Task Force.

"To be effective, everyone who is a part of the Internet ecosystem must play a meaningful role in ensuring that private and government networks, and personal computers and devices are secured," said Comcast–NBCU Washington President Kyle McSlarrow, former head of the National Cable & Telecommunications Association, where he was active in cyvbersecurity discussions in the private and public sector. "Comcast will continue to develop innovative solutions and participate in multi-stakeholder organizations to assist in the development of real-world solutions, best practices, codes of conducts and guidelines. The work underway at the FCC's Communications Security, Reliability and Interoperability Council -- CSRIC -- is an example of this kind of industry-driven effort," McSlarrow said. "Comcast will continue to be an active participant in CSRIC activities because consumers can only be effectively protected if everyone in the Internet ecosystem and government work together."

The American Cable Association joined in the praise for an industry-driven approach to best practices. ""ACA and its members agree with the FCC Chairman that there is a vital need to make sure our networks are protected from cybersecurity threats and applaud the Chairman for emphasizing the need for the development of practical solutions to minimize them," said ACA President Matt Polka. "By encouraging the development of best practices that network providers could implement on a voluntary basis, and facilitating public/private collaboration, today's speech demonstrates that we're headed in the right direction. ACA looks forward to working with the FCC and other industry partners in reducing, if not completely eliminating, major threats to our networks."

Public Knowledge and Comcast were in somewhat unusual agreement on a preference for voluntary industry action. Harold Feld, legal director of the fair use group, emphasized the FCC's defense of the open Internet and privacy protections. But he also said that the group welcomed the multi-stakeholder model and "believes voluntary participation from the Internet community of providers and consumers will result in a stronger Internet for everyone without compromising the open Internet everyone values."

The chairman's speech comes as the Senate is considering cybersecurity legislation and that House is in the midst of a series of hearings on the issue.