FCC: ISPs Need to Protect Users From Botnets, DNS Fraud, Cyber-Threats
The chairman of the Federal Communications Commission is calling on ISPs and other experts to protect users from the ongoing online security threats.
Internet stakeholders, which include users, service providers and policymakers, need to take "concrete steps" to address botnet attacks, domain name fraud and IP hijacking, said FCC Chairman Julius Genachowski during a speech Feb. 22 at the Bipartisan Policy Center in Washington, D.C. Without a multi-stakeholder approach to combat the significant cyber-threats, "billions of dollars" could potentially be lost to digital criminals, Genachowski told attendees at the cyber-security event sponsored by the Washington-based group founded by former lawmakers to address public-policy issues.
There are many threats in Genachowski's view. Digital attackers are trying to compromise user computers in order to steal information, take over the machine to launch denial-of-service attacks and trick the system into sending out spam. Organized-crime syndicates are actively trying to steal credit card information.
Cyber-attacks pose a critical threat to our economic future and national security, said Genachowski.
Botnet attacks can be "devastating" to the average Internet user, said Genachowski, noting that infected computers can be remotely controlled to perform a variety of functions without the user knowing. IP hijacking is also a problem, as attackers reroute users through different networks and eavesdrop on unencrypted data. Trust between networks is the Internet's "biggest strength" but also a "major weakness," he said.
And domain name fraud is on the rise where attackers change the entry in the Domain Name System (DNS), a "digital phonebook for the Internet," to redirect users to fraudulent Websites. The address looks right, but the site is actually not the correct destination. The FCC estimates that 3.6 million Americans are redirected to bogus Websites in a single year, and can cost users as much as $3.2 billion.
The FCC estimates that 8.4 million credit card numbers are stolen online every year. Internet users, businesses and critical infrastructure are all at risk, said Genachowski.
The voluntary multi-stakeholder model was the best way to prevent cyber-security threats and to deal with the aftermath of an attack, said Genachowski. He praised telecommunications giant Comcast as an example of how Internet service providers can take the lead in combating botnet infections by informing users about potential infections on their computers and offering remediation support. ISPs and other stakeholders needed to develop and adopt an industry-wide code of conduct, he said.
"If other ISPs employed similar best practices, it could significantly reduce the botnet threat," said Genachowski.
IP hijacking could be fixed if ISPs "adopted more secure routing standards," said Genachowski. The costs of implementing these security upgrades could be spread out by including them as part of other routine maintenance tasks. Implementing Domain Name System Security Extensions (DNSSEC) would also address domain name fraud and protect user privacy. Broadband providers should implement it as soon as possible.
These steps are voluntary, not government mandates, said Genachowski. Collaboration between service providers, cyber-security experts and other groups is essential. Even with a multi-stakeholder model in place to tackle the thorny question of cyber-security, there are certain "ingredients" that cannot be compromised. Internet freedom and the open architecture need to be preserved, because they were essential to the Internet's success. Privacy must be maintained alongside security. The idea that privacy needed to be compromised to enhance security was a "false choice," he said.
"Tackling the challenges to Internet security is so important, because the opportunities of the Internet are so great," said Genachowski.
More than $8 trillion is exchanged over wired and wireless networks each year, and that figure is growing, according to the FCC chairman. More than 1 million entrepreneurs sell their products online. The online economy also creates jobs, Genachowski said, claiming that 500,000 new jobs have been created because of the "apps economy."
Shutting down the Internet would essentially shut down the U.S. economy, he said.
The chairman's speech comes a week after a comprehensive cyber-security bill was introduced in the Senate.