This week the departments of Commerce and Homeland Security released a report that provides guidance to government, civil society and industry that would dramatically reduce the threat of botnets and similar cyberattacks. The report, Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats, responds to a May 2017 Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.
“Through the actions outlined in this report, the Trump Administration has proven to be up to the task of confronting and mitigating 21st century cyber threats,” said Secretary of Commerce Wilbur Ross in a NIST release. “Ensuring that our government and economy are safe from cyberattacks remains a top priority, and having clear information about these continuing threats will help us better prepare to keep Americans, and their information, safe from our adversaries.”
“As the world becomes more interconnected, it also becomes more difficult to secure, and our work pursuant to E.O. 13800 will help the Department confront this challenge,” said Secretary of Homeland Security Kirstjen M. Nielsen. “One of DHS’ core missions is to protect our nation against cyber threats and we are committed to achieving, with the help of our partners in the public and private sectors, a secure and resilient cyberspace.”
The report lists five corresponding goals that would improve the resilience of the internet system, with more than 20 suggested actions that key stakeholders can take to achieve those goals. The recommendations include new methods, such as increasing software component transparency and initiating a public campaign to support awareness of IoT security. The report also highlights several ongoing actions that should continue or expand, including “establishing federal procurement guidelines to provide market incentives for vendors that significantly reduce the incidence of security vulnerabilities in their products.”
The five goals are:
- Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace.
- Promote innovation in the infrastructure for dynamic adaptation to evolving threats.
- Promote innovation at the edge of the network to prevent, detect, and mitigate automated, distributed attacks.
- Promote and support coalitions between the security, infrastructure, and operational technology communities domestically and around the world.
- Increase awareness and education across the ecosystem.
The report calls for the Departments of Commerce and Homeland Security to work with industry and civil organizations to develop a roadmap “that prioritizes these actions in accordance with Administration priorities.”
“Automated, distributed threats are a systemic challenge that no one actor — government or commercial can solve,” said David J. Redl, Assistant Secretary of Commerce for Communications and Information and NTIA Administrator, U.S. Department of Commerce. “Over the past year, we heard from industry, government, academia and civil society on the importance of working together and developed a roadmap to protect the Internet from botnets. Now that we have itemized the challenges, we look forward to getting to work on concrete actions to accomplish these goals.”
“Mitigating the threats from automated and distributed cyberattacks requires ongoing collaboration between public and private sectors, and NIST continues to work broadly with partners to develop and refine the standards that protect networked devices and secure internet routing,” said Walter Copan, Under Secretary of Commerce for Standards and Technology and Director of the National Institute of Standards and Technology. “We’re building on the common foundation established by the NIST Cybersecurity Framework and accelerating adoption of relevant technologies through the work of the National Cybersecurity Center of Excellence (NCCoE).”
As directed by the Executive Order, the report is the final result of a yearlong open and transparent process that included hosting two workshops, publishing two requests for comment, and initiating an inquiry through the President’s National Security Telecommunications Advisory Committee (NSTAC), which finalized and approved the NSTAC Report to the President on Internet and Communications Resilience on November 16, 2017, according to the NIST release.
Initiatives by the departments of Commerce and Homeland Security were, and continue to be, aimed at gathering a broad range of input from experts and stakeholders, including industry, academia and civil society.
As a non-regulatory agency of the Commerce Department, the National Institute of Standards and Technology (NIST) promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards and technology in ways that enhance economic security and improve quality of life. For more information, visit www.nist.gov.