A cybersecurity report from the Commerce Department and Homeland Security has been delivered to the White House in response to a 2017 executive order.
The report, on better protecting against botnets and other kinds of automated attacks, was produced in coordination with the FCC, FTC, Department of Justice, Department of Defense and others.
It identifies six principal themes:
- The problem is global;
- Tools are out there but not sufficiently employed;
- The product lifecycle needs to be protected end to end;
- More education is needed;
- Market incentives need improving; and
- The problem is ecosystem-wide, and the defense must include all stakeholders.
The report also listed key goals in addressing the above:
- "Goal 1: Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace;
- "Goal 2: Promote innovation in the infrastructure for dynamic adaptation to evolving threats;
- "Goal 3: Promote innovation at the edge of the network to prevent, detect and mitigate automated, distributed attacks;
- "Goal 4: Promote and support coalitions between the security, infrastructure, and operational technology communities domestically and around the world; and
- "Goal 5: Increase awareness and education across the ecosystem"
The report concluded that current internet infrastructure has been remarkably resilient, but that threats like the 2016 Mirai botnet attack have tested those limits. By infrastructure, the report means more than wires, transmitters or satellite links; the term also covers routers, switches, Internet service providers, DNS providers, content delivery networks, and hosting and cloud-service providers.
Given that ecosystem-wide definition, the report also concluded that infrastructure providers have to develop an understanding of the benefits of shared defense approaches and best practices. That means, ideally, "understanding the current levels of attacks, maintaining sufficient capacity to absorb realistically expected levels of malicious traffic, and communicating those capabilities to their customers."
The report said edge devices need to be able to resist attacks throughout their life cycles and can't be shipped with known serious security flaws. The marketplace will need to reward alignment with security advances and best practices.
The report, not surprisingly, advocated for a self-regulatory approach to governance.
"Governments can constructively influence the development of more secure products by steps such as supporting open, voluntary, industry-driven standards, and by conducting their own technology and device procurement decisions in a way that creates market incentives for more secure products."
It also backed collaboration with law enforcement.
"[I]ndustry and law enforcement should work to find ways to coordinate more often and earlier to detect and prevent threat activity, and in managing incidents that take place," the report said.
“Through the actions outlined in this report, the Trump Administration has proven to be up to the task of confronting and mitigating 21st century cyber threats,” said Secretary of Commerce Wilbur Ross in a statement. “Ensuring that our government and economy are safe from cyberattacks remains a top priority, and having clear information about these continuing threats will help us better prepare to keep Americans, and their information, safe from our adversaries.”
The Telecommunications Industry Association praised the administration's effort.
“This inter-agency report is an important step forward in reducing cybersecurity risks posed by botnets and other automated, distributed threats to our nation’s networks,” said TIA senior vice president Cinnamon Rogers. “The open and transparent inter-agency process led by DHS and Commerce demonstrates the kind of clear and constructive coordination between government and industry that is vital to addressing ecosystem-wide security challenges in our increasingly connected world. We are encouraged by the emphasis the final report places on prioritizing recommended actions and look forward to building on this work with our government partners in the months ahead.”