NTIA Plans to Announce Meeting in July to Further Anti-Botnet Effort
NTIA will call a meeting with stakeholders in early July to discuss implementing recommendations in a report to the president on botnets (see 1805300065), said Deputy Associate Administrator Evelyn Remaley Thursday. The next step is to develop a “prioritized road map,” with the purpose of increasing the resiliency of the internet and communications landscape against distributed threats. That's due within 120 days of the report’s approval and will involve coordination among the departments of Commerce and Homeland Security and industry, civil society and international partners.
The report dictates the road map align with priorities the administration outlined in a May 2017 executive order that directed the secretaries of commerce and homeland security to lead a cybersecurity effort with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks.” Government and the private sector “will work together to ensure that the road map is updated and maintained as stakeholders accomplish the identified actions,” the report said.
Appearing alongside Remaley on a USTelecom panel Thursday, National Institute of Standards and Technology Computer Scientist Tim Polk said even though the report is published, engagement will continue. Implementing goals might require even more coordination and collaboration, Polk said. USTelecom CEO Jonathan Spalter said he’s confident the document and recommendations are “an inflection point in this critical war.”
AT&T and Cisco executives praised the engagement process. Cisco Cybersecurity and Privacy Policy Director-Global Government Affairs Eric Wenger said there was an ability to offer advice with every development, from the agency workshops to the draft report to the final report. AT&T Assistant Vice President-Global Public Policy Chris Boyer said the process was an example of how public-private partnerships should work.
Wenger said technology has shifted and criminal actors have changed tactics, but the combination of new technologies and public-private collaboration can put a dent in the problem. The panelists were asked about NTIA’s approach favoring voluntary compliance over regulation, and the potential for baseline requirements industry should be required to follow. Remaley said voluntary standards let industry remain agile, which is emphasized in the report. Polk said good voluntary standards that meet consumer needs have the “longest and most positive impact.”
Speakers were asked about consumers who favor cost and convenience over strong security standards. Polk understands those arguing some consumers don’t care about security as long as products work to their satisfaction. Part of the problem is education for average users, he said. Remaley said they should make better buying decisions, but Commerce needs to provide ways for consumers to get informed. Boyer suggested an Energy Star approach could be useful for IoT devices, but industry shouldn't simply push the responsibility onto the consumer. He argued for consumer education with better tools and innovation at the network level, “a combination of things that needs to happen.” Companies need to understand what consumers can be reasonably expected to take care of, and then industry can patch the rest, Wenger said. Remaley said the road map calls for civil society engagement, “an area calling for leadership.”