US Fed Agencies Insist Cyber Security Code of Conduct against Botnet
Two US federal agencies -- The Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST), have proposed that a voluntary corporate notification system, a voluntary code of conduct, should be implemented so that the consumers could be sent an alert whenever a botnet or other malware infection is discovered, according to softpedia.
Malware infections take over the devices of both companies and individuals, and use them to launch attacks on others which lead to a great loss, softpedia reported on September 24, 2011.
As per a plan of the legal authorities, the Internet Service Providers (ISPs) and other organizations would share information about cyber threats and malicious attacks to further alert consumers.
The note asks for public opinion on potential models for detection, notification, deterrence, and alleviation of botnets' illegal use of computer equipment, from all Internet stakeholders, including commercial, academic, and civil society sectors. The stakeholders can send comments until November 4, 2011.
The authorities are considering two security models adopted abroad. One of these is Australia's iCode program, which asks the providers to redirect requests from suspicious systems to a website committed to removing malware. An initiative from Japan's Cyber Clean Center is also being considered. The Center has installed "honeypot" devices at various ISPs.
The note also discusses how to implement that cyber security code. It suggests that companies should be encouraged to send consumer support queries to a centralized resource center supporting consumers from many ISPs. The center can also facilitate information sharing, leading to better botnet attention.
Such a center could be created in three -- private-sector run and supported, government run and supported, or a public-private partnership setting up a non-profit or quasi-governmental body, the note adds.
Whether the companies participating in the code of conduct should receive certain types of liability protection or not, asks the note. The notice also welcomes the information ensuring existing botnet detection methods which avoid false positives.
Related article: US Passes Baton to Asia in Spam Relay
» SPAMfighter News - 04-10-2011