WASHINGTON—Today, the U.S. Department of Commerce and the U.S. Department of Homeland Security released a report that offers a guide to government, civil society and industry actions that would dramatically reduce the threat of botnets and similar cyberattacks. The report, Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats, responds to a May 2017 Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.
“Through the actions outlined in this report, the Trump Administration has proven to be up to the task of confronting and mitigating 21st century cyber threats,” said Secretary of Commerce Wilbur Ross. “Ensuring that our government and economy are safe from cyberattacks remains a top priority, and having clear information about these continuing threats will help us better prepare to keep Americans, and their information, safe from our adversaries.”
“As the world becomes more interconnected, it also becomes more difficult to secure, and our work pursuant to E.O. 13800 will help the Department confront this challenge,” said Secretary of Homeland Security Kirstjen M. Nielsen. “One of DHS’ core missions is to protect our nation against cyber threats and we are committed to achieving, with the help of our partners in the public and private sectors, a secure and resilient cyberspace.”
The report lists five complementary goals that would improve the resilience of the Internet ecosystem, as well as more than 20 suggested actions that key stakeholders can take to achieve those goals. The recommended actions new initiatives, such as increasing software component transparency and initiating a public campaign to support awareness of IoT security. The report also finds several ongoing activities that should be should be continued or expanded, including establishing federal procurement guidelines to provide market incentives for vendors that significantly reduce the incidence of security vulnerabilities in their products.
The five complementary goals are:
- Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace.
- Promote innovation in the infrastructure for dynamic adaptation to evolving threats.
- Promote innovation at the edge of the network to prevent, detect, and mitigate automated, distributed attacks.
- Promote and support coalitions between the security, infrastructure, and operational technology communities domestically and around the world.
- Increase awareness and education across the ecosystem.
The report calls for the Departments of Commerce and Homeland Security to further coordinate with industry and civil society in the development of a road map that prioritizes these actions in accordance with Administration priorities.
“Automated, distributed threats are a systemic challenge that no one actor – government or commercial can solve,” said David J. Redl, Assistant Secretary of Commerce for Communications and Information and NTIA Administrator, U.S. Department of Commerce. “Over the past year, we heard from industry, government, academia and civil society on the importance of working together and developed a roadmap to protect the Internet from botnets. Now that we have itemized the challenges, we look forward to getting to work on concrete actions to accomplish these goals.”
“Mitigating the threats from automated and distributed cyberattacks requires ongoing collaboration between public and private sectors, and NIST continues to work broadly with partners to develop and refine the standards that protect networked devices and secure internet routing,” said Walter Copan, Under Secretary of Commerce for Standards and Technology and Director the National Institute of Standards and Technology. “We’re building on the common foundation established by the NIST Cybersecurity Framework and accelerating adoption of relevant technologies through the work of the National Cybersecurity Center of Excellence (NCCoE).”
As directed by the Executive Order, the report is the final result of a yearlong open and transparent process that included hosting two workshops, publishing two requests for comment, and initiating an inquiry through the President’s National Security Telecommunications Advisory Committee (NSTAC), which finalized and approved the NSTAC Report to the President on Internet and Communications Resilience on November 16, 2017.
These actions were aimed at gathering a broad range of input from experts and stakeholders, including industry, academia, and civil society.