White House Enlists Government, Industry in Botnet Offensive

The White House on May 30 introduced a government-industry alliance that will carry out a series of initiatives aimed at curtailing malware-driven botnets through information sharing, global collaboration and public education.

The White House has announced a series of initiatives in partnership with government agencies and the private sector to combat botnets.

The initiatives, which were announced May 30 at an event at the White House, are the result of a partnership between the Homeland Security and Commerce Department, the White House Cybersecurity Office and a coalition of trade associations and non-profits known as the Industry Botnet Group (IBG).

€œThe issue of botnets is larger than any one industry or country," said White House Cybersecurity Coordinator Howard Schmidt, in a statement. "This is why partnership is so important. The principles the IBG are announcing today draw on expertise from the widest range of players, with leadership coming from the across the private sector, and partnering with the government on items like education, consumer privacy and key safeguards in law enforcement.€

As part of the effort, the Financial Services Information Sharing and Analysis Center (FS-ISAC) is working on a pilot program to share information about botnet attacks this year with organizations and people outside the financial sector. In addition, the FBI and U.S. Secret Service have stepped up information sharing with the private sector and have worked together to shut down botnets such as Coreflood.

The initiatives are rounded out by the efforts of IBG, which launched a consumer education campaign called "Keep a Clean Machine" and released what its "Principles for Voluntary Efforts to Reduce the Impact of Botnets in Cyberspace."

These principles call on Internet users to voluntarily:

● Share cyber-responsibilities by employing reasonable technologies to thwart the effectiveness of botnets across all phases of the mitigation lifecycle: prevention, detection, notification, remediation and recovery.

● Coordinate across sectors in order to better analyze, prevent and combat threats.

● Confront the problem globally through cross-border collaboration.

● Report lessons learned with partners in the Internet ecosystem.

● Educate users by making information and resources available to them.

● Preserve flexibility for responses by different entities to an ever-evolving threat environment.

● Promote innovation to foster technological advances.

● Respect privacy.

● Navigate the complex legal environment.

"The history of the Internet tells us that the multi-stakeholder model can produce solutions," said Julius Genachowski, chairman of the Federal Communications Commission, in a statement. "This is the approach we've taken at the FCC€”and it is also the approach the IBG is taking."

One member of the IBG is the Online Trust Alliance (OTA), a non-profit focused on advocating best practices around privacy and security. The OTA is working with FS-ISAC on their recent "Joint ISAC Botnet Mitigation Process Working Group" and the FCC's Communications Security, Reliability and Interoperability Council (FCC CSRIC) to share recommendations and data to counter botnet activity.

"We have a shared responsibility to commit resources to address the growing threats from botnets, which threaten to undermine the digital economy," said Craig Spiezle, executive director and president of the Online Trust Alliance, in a statement. "Preserving online trust and confidence needs to be a priority and the broad adoption of the Industry Botnet Group principles is an important step towards protecting the internet."