ISPs, experts, academics and other Internet stakeholders need to do more to protect users from botnets, IP hijacking, domain name fraud and other security threats, according to the FCC.
of the Federal Communications Commission is calling on ISPs and other experts to protect users from the ongoing online
stakeholders, which include users, service providers and policymakers, need to
take "concrete steps" to address botnet attacks, domain name fraud
and IP hijacking, said FCC Chairman Julius Genachowski during a speech Feb. 22
at the Bipartisan Policy Center in Washington, D.C. Without a multi-stakeholder
approach to combat the significant cyber-threats, "billions of
dollars" could potentially be lost to digital criminals, Genachowski told
attendees at the cyber-security event sponsored by the Washington-based group
founded by former lawmakers to address public-policy issues.
There are many
threats in Genachowski's view. Digital attackers are trying to compromise user
computers in order to steal information, take over the machine to launch
denial-of-service attacks and trick the system into sending out spam.
Organized-crime syndicates are actively trying to steal credit card
pose a critical threat to our economic future and national security, said Genachowski.
can be "devastating" to the average Internet user, said Genachowski,
noting that infected computers can be remotely controlled to perform a variety
of functions without the user knowing. IP hijacking is also a problem, as
attackers reroute users through different networks and eavesdrop on unencrypted
data. Trust between networks is the Internet's "biggest strength" but
also a "major weakness," he said.
And domain name
fraud is on the rise where attackers change the entry in the Domain Name System
(DNS), a "digital phonebook for the Internet," to redirect users to
fraudulent Websites. The address looks right, but the site is actually not the
correct destination. The FCC estimates that 3.6 million Americans are
redirected to bogus Websites in a single year, and can cost users as much as
estimates that 8.4 million credit card numbers are stolen online every year.
Internet users, businesses and critical infrastructure are all at risk, said
multi-stakeholder model was the best way to prevent cyber-security threats and
to deal with the aftermath of an attack, said Genachowski. He praised
telecommunications giant Comcast as an example of how Internet service
providers can take the lead in combating botnet infections by informing users
about potential infections on their computers and offering remediation support.
ISPs and other stakeholders needed to develop and adopt an industry-wide code
of conduct, he said.
ISPs employed similar best practices, it could significantly reduce the botnet
threat," said Genachowski.
could be fixed if ISPs "adopted more secure routing standards," said
Genachowski. The costs of implementing these security upgrades could be spread
out by including them as part of other routine maintenance tasks. Implementing Domain
Name System Security Extensions (DNSSEC) would also address domain name fraud
and protect user privacy. Broadband providers should implement it as soon as
are voluntary, not government mandates, said Genachowski. Collaboration between
service providers, cyber-security experts and other groups is essential. Even
with a multi-stakeholder model in place to tackle the thorny question of
cyber-security, there are certain "ingredients" that cannot be compromised.
Internet freedom and the open architecture need to be preserved, because they
were essential to the Internet's success. Privacy must be maintained alongside
security. The idea that privacy needed to be compromised to enhance security
was a "false choice," he said.
the challenges to Internet security is so important, because the opportunities
of the Internet are so great," said Genachowski.
More than $8
trillion is exchanged over wired and wireless networks each year, and that
figure is growing, according to the FCC chairman. More than 1 million entrepreneurs
sell their products online. The online economy also creates jobs, Genachowski
said, claiming that 500,000 new jobs have been created because of the
the Internet would essentially shut down the U.S. economy, he said.
speech comes a week after a comprehensive cyber-security bill was introduced in