[AfrICANN-discuss] US ISPs commit to new cybersecurity measures

Anne-Rachel Inné annerachel at gmail.com
Fri Mar 23 11:16:05 SAST 2012

US ISPs commit to new cybersecurity measures The recommendations from an
FCC advisory committee target botnets, domain name fraud and Internet route

 By Grant Gross


March 22, 2012 — IDG News Service — A group of U.S. Internet service
providers, including the four largest, have committed to taking new steps
to combat three major cybersecurity threats, based on recommendations from
a U.S. Federal Communications Commission advisory committee.

The ISPs, including AT&T, Comcast, Time Warner Cable and Verizon
Communications, committed Thursday to implement measures to fight botnets,
domain name fraud and Internet route hijacking. The FCC's Communications,
Security, Reliability, and Interoperability Council (CSRIC) adopted the
recommendations for voluntary action by ISPs the same day.

Eight wired and wireless ISPs, representing about 80 percent of the
broadband subscribers in the U.S., are members of
signed on to the recommendations.

"These actions will have a significant positive impact on Internet
security," FCC Chairman Julius Genachowski said. "If you own a PC, you'll
be significantly better protected against your computer [being] taken over
by a bad actor, who could destroy your private files or steal your personal
information. If you shop or bank online, you'll be significantly better
protected against being directed to an illegitimate website and having your
credit card number stolen."

The recommendations preserve the open architecture of the Internet and
protect Internet users' privacy, Genachowski said.

The CSRIC recommendations embraced by the ISPs include an antibot code of
conduct. ISPs agreed to educate customers about botnets and to take steps
to identify botnet activity on their networks. ISPs will also warn
customers about botnet infections on their computers and offer assistance
to customers with compromised computers, under the code of conduct.

The ISPs also committed to implement a set of best practices to secure the
Internet's Domain Name System by implementing DNSSEC, a set of secure
protocol extensions designed to prevent DNS spoofing.

CSRIC also recommended that the Internet industry develop an Internet
Protocol-route highjacking framework, including new technologies and
practices to limit the number of times that Internet traffic is misdirected.

T-Mobile USA, one of the ISPs signing on to the recommendations, called
cybersecurity an "extremely important issue." The company supports
voluntary, industrywide deployment of DNSSEC, T-Mobile said in a statement.

ISPs will need help from other Internet companies to implement the security
measures, said Bob Quinn, AT&T's senior vice president for federal
regulatory affairs.

"DNSSEC is predicated upon a chain of trust across the Internet," he wrote
in a blog post<http://attpublicpolicy.com/cybersecurity/cybersecurity-and-the-fccs-csric-recommendations/>.
"[CSRIC] recommends that key industry segments such as banking, healthcare
and others sign their respective domains and that software developers, such
as web-browser developers, study how and when to incorporate DNSSEC
validation functions into their software."

The botnet recommendations see a "significant role" for other companies,
including security software vendors and operating system developers, he
added. "Keeping the Internet safe for consumers to browse, transact
business and communicate is an important objective not only for AT&T but
any other business that operates online," he wrote.

*Grant Gross covers technology and telecom policy in the U.S. government
for *The IDG News Service*. Follow Grant on Twitter at GrantGross. Grant's
e-mail address is grant_gross at idg.com.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20120323/3bc487a4/attachment.htm

More information about the AfrICANN mailing list