Last week, USTelecom hosted an event in Washington, D.C. at the Willard InterContinental Hotel, “Implementing the White House Cybersecurity Executive Order,” which featured Rob Joyce, White House Special Assistant to the President and Cybersecurity Coordinator. Joyce joined the White House from the National Security Agency, where he had a long and distinguished career. He told the audience that the U.S. faces increasing threats from a variety of adversaries, including advanced nation-states and criminal enterprises. What has made the situation today more critical is that automated and distributed attacks are leveraging hundreds of thousands of internet-connected, low cost devices, which can be organized into botnets with very disruptive impacts globally, he said.
The problem has become so pervasive that the White House singled out the issue in its May 11, 2017 Executive Order, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The order called on the U.S. Commerce Secretary and the Secretary of the Department of Homeland Security to “jointly lead an open and transparent process to identify and promote action by appropriate stakeholders to improve the resilience of the internet and communications ecosystem…with the goal of dramatically reducing threats perpetrated by automated and distributed attacks.”
During the event, Joyce spoke about another element of the executive order, which is requiring federal departments and agencies to take more responsibility for preventing and responding to breaches. “The important thing is not ‘have we or have we not been breached,” Joyce told the audience. “There will be breaches in the future.”
A panel of experts from the federal government and private sector, including AT&T and CenturyLink, spoke after Joyce and echoed his remarks about the importance of federal cyber IT experts and the private sector to work together to thwart potential attacks and respond quickly to any breaches. Video from the event can be seen here.
In 2005, the Communications Sector Coordinating Council (CSCC) was chartered to help coordinate industry initiatives to improve the physical and cybersecurity assets, ease the information flows, and address issues related to response and recovery following an incident or an event. There have been numerous efforts over the past several years to address botnet problems, and in 2013, the sector adopted the U.S Anti-Botnet Code of Conduct, which remains a key pillar for industry efforts.
Recognizing that the new White House botnet initiative would require an even greater level of engagement, the Council initiated a review of the current challenges and opportunities, and published an Industry Technical White Paper on July 17, 2017 to serve as a new starting point for committed multi-sector engagement.
A White House reference to the “internet and communications ecosystem” is an explicit recognition that the threats posed by botnets must take into consideration the roles and responsibilities of a complex, diverse, and highly inter-dependent ecosystem. It’s impossible to achieve dramatic improvements without an active and continuous dialogue with the various ecosystem players.
As the paper notes, the internet ecosystem is comprised of many machines/devices (e.g. smartphones, desktop computers, Internet of Things devices, etc.). Network service providers use a combination of transit and peering to provide internet connectivity to service creators (e.g., hosting, ecommerce, social media, enterprises, etc.). Many of the service creators are cloud-based, meaning they operate a network of machines working together to provide a service.
Since the attackers exploit vulnerabilities across this entire value-chain, innovative tools, techniques and processes must be applied throughout the system. It is a long-standing view of the communications sector that the U.S. government — especially federal agencies like DHS and Commerce — can be most effective as the facilitators of multi-stakeholder activities that are likely to continue for several years.
The paper includes nine recommendations that are necessary parts of any solution. It is the CSCC’s hope that these recommendations will spark a discussion about impediments to collaboration initiating a renewed interest in cross-industry efforts and urgency. The explanations for these recommendations are elaborated in further detail in the white paper.
1. Encourage continued migration to all IPV6.
2. Ensure that shared cyber threat information is actionable and tailored to meet the needs of recipients.
3. Include pre-negotiated provisions for traffic filtering in transit and peering agreements.
4. Streamline the law enforcement takedown process.
5. Encourage ICANN, registries and registrars to adopt the fast flux mitigation techniques.
6. Adapt and apply machine learning to the detection of botnets.
1. Ensure all end points including IoT devices adhere to industry developed security standards.
2. Ensure end-points are running up-to-date software.
3. IoT devices should use network isolation or network-based filtering techniques for any communications to cloud-based services.