Thursday, March 22, 2012

FCC and ISPs Adopt Three Cyber Security Recommendations

The FCC and the nation's largest ISPs agreed to voluntarily adopt recommendations that address three top cyber-security concerns: attacks on the Domain Name System (DNS), and Internet route

The FCC's Communications, Security, Reliability, and Interoperability Council (CSRIC), which unanimously approved the recommendations, includes AT&T, CenturyLink, Comcast, Cox, Sprint, Time Warner Cable, T-Mobile, Verizon, among others.

Specifically, the advisory committee endorsed industry-based recommendations in each of
these three areas,

Anti-Bot Code of Conduct -- To reduce the threat of botnets in residential networks, CSRIC recommended a voluntary U.S. Anti-Bot Code of Conduct for Internet Service Providers (Anti-Bot Code). Under the Anti-Bot Code, ISPs agree to educate consumers about the botnet threat, take steps to detect botnet activity on their networks, make consumers aware of botnet infections on their computers, offer assistance to consumers whose computers are infected and collaborate with other service providers that have also adopted the Anti-Bot Code.

DNS Best Practices -- CSRIC recommended that ISPs implement best practices to better secure the Domain Name System by using DNSSEC, a set of secure protocol extensions that prevent such fraudulent activity. This recommendation is a significant first step toward full DNSSEC implementation by ISPs and will allow users, with software applications like browsers, to validate that the destination they are trying to reach is authentic and not a spoofed website.

IP Route Hijacking Industry Framework -- CSRIC recommended an industry framework to prevent Internet route hijacking, which is the erroneous routing of Internet traffic through potentially untrustworthy networks. CSRIC recommended that ISPs work to implement new technologies and practices to reduce the number of these events, thereby ensuring that users in the U.S. can be more confident that their Internet traffic will not be exposed to scrutiny by other networks, foreign or domestic, through misrouting.

See also