A report issued by the Departments of Commerce and Homeland Security today called for widespread collaboration between government and industry stakeholders to combat the growing threat of botnets and other automated, distributed cyber threats. These types of crippling cyberattacks have been on the rise in recent years, and the report noted that “the increasing size and scope of attacks appear to be testing the limits” of sector-wide resilience.
Of key concern is the number of poorly secured “internet of things” devices — which range from routers to home security devices to “smart” appliances — that can be easily taken over by cybercriminals and used in botnets to distribute malicious material. The report underscored the importance of ensuring that internet-enabled gadgets can be properly secured throughout the lifecycle of the device, noting that “market incentives must be realigned to promote a better balance between security and convenience when developing products.”
In all, the report makes a total of 24 recommendations on how government and industry can work to ensure sector-wide resilience in the face of a botnet attack. It calls for DHS and Commerce to develop a roadmap within 120 days outlining priorities for addressing the threat of botnets, and to deliver a one-year status report on implementation.
It also calls for an industry-led effort — in consultation with the National Institute of Standards and Technology — to develop guidance and best practices for preventing and mitigating enterprise distributed denial of service, or DDoS, attacks. This would help to “establish a common language for discussions regarding DDoS protection mechanisms with product vendors, ISPs, and other infrastructure providers” and “would help enterprises identify opportunities to improve DDoS threat mitigation and aid in cybersecurity prioritization by comparing their current state with the desired target state,” the report said.