Commerce, Homeland Security Urge Tech to Reward Counter-Botnet Innovation
To reduce the global threat of botnets dramatically, it’s vital the tech industry “support and reward” continuous development of innovative security technology, the secretaries of commerce and homeland security told President Donald Trump in a report released Wednesday (see 1801110006). It responded to a May 2017 executive order. The order directed the secretaries to lead a cybersecurity effort with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks.” The agencies hosted two workshops, issued as many requests for comment and published a stakeholder inquiry through the president’s National Security Telecommunications Advisory Committee. The agencies consulted DOD, DOJ, the State Department, FBI, FCC and FTC, among other agencies.
“Ensuring that our government and economy are safe from cyberattacks remains a top priority, and having clear information about these continuing threats will help us better prepare,” said Commerce Secretary Wilbur Ross. Homeland Security Secretary Kirstjen Nielsen said the work will help the U.S. confront evolving challenges in an interconnected world.
The goals: Identify a clear path forward to ensure a secure tech market; promote infrastructure innovation “for dynamic adaptation to evolving threats”; promote edge device innovation; promote collaboration among security, infrastructure and operational technology groups; and increase global education and awareness. The document concluded that automated, distributed attacks are a global problem that requires multistakeholder solutions across the ecosystem. Other findings included: Effective tools exist, but remain widely unused due to lack of awareness, cost avoidance, insufficient technical expertise and lack of market incentives; consumers are unaware of the role devices can play in botnet attacks; and market incentives should be adjusted to embrace the goal of “dramatically reducing” botnet threats. When security features become more popular, increased demand drives more research, the study said.
The executive summary concluded that some of recommendations should be government-driven, but “this model provides a way for stakeholders to collaborate with government as they move forward on those actions that are best accomplished through private-sector leadership.” USTelecom CEO Jonathan Spalter said: “We are particularly pleased the report calls for follow-up coordination with industry and other stakeholders; a transparent and collaborative approach that will forge a smoother path.” Telecommunications Industry Association looks “forward to building on this work with our government partners,” said Senior Vice President-Government Affairs Cinnamon Rogers.
The National Institute of Standards and Technology’s National Initiative for Cybersecurity Education issued a separate report tied to the same executive order, about the U.S. cybersecurity workforce. NIST seeks “immediate and sustained improvements in the country’s cybersecurity workforce,” it blogged. The agency cited 2017 findings from the Center for Cyber Safety and Education projecting an international cybersecurity workforce shortfall of 1.8 million by 2022, and CyberSeek estimating nearly 300,000 U.S. cybersecurity openings as of November. The agency recommends the administration prioritize “long-term authorization and sufficient appropriations for high-quality, effective cybersecurity education, and workforce development programs.”
CTA, meanwhile, is partnering with the Council to Secure the Digital Economy, a collaborative effort from tech and communications groups on cybersecurity issues, CSDE announced Wednesday. The coalition is developing an international guide for anti-botnet security practices. “CTA brings additional world-class resources to CSDE’s efforts to develop focused and actionable guidance to address the growing threat from botnets and distributed attacks,” USTelecom CEO Jonathan Spalter said.