Nearly 4 Dozen Firms, Individuals Give NTIA Advice About Fighting Botnets
Forty-six organizations and individuals filed comments with NTIA on how to prevent botnets and other automated threats, with many backing more government-industry collaboration (see 1707280030). Google and Alphabet's Nest Labs said they use security practices for their connected devices such as security by design, strong authentication and password practices, encryption, network security, automatic software updates and bug bounty programs. Microsoft described the work its digital crimes unit does with public and private sector partners to disrupt botnet operations and what the company does to improve hardware and software security. The Information Technology Industry Council said new IoT device makers such as startups may not be using best practices for secure device development and other cybersecurity approaches. ITI said barriers to the movement of global data could impede cyberthreat information sharing, citing as problematic 2013 changes to the Wassenaar Arrangement export control rules (see 1702130031). ACT|The App Association said law enforcement plays a vital role in preventing and mitigating attacks, requiring "close coordination" between U.S. and foreign governments and upfront forensic analysis. It said DOJ's position on law enforcement access to data stored abroad isn't aligned with U.S. law and "guaranteed rights" and this undermines the international rule of law, calling for more streamlined processes. NCTA said NTIA should push for a more "holistic approach" to fighting such threats, including application of artificial intelligence and adoption of mutually agreed norms for routing security. USTelecom supports principles for cybersecurity policymaking: private sector leadership and market-driven innovation; a dynamic flexible approach to security; shared responsibility among internet and communications stakeholders, government and consumers; and "active partnership against bad actors, not top-down government requirements."