The FCC is taking public comments on an advisory committee’s recommendations for Internet service providers to stymie major cybersecurity threats, including botnet attacks, domain name fraud and Internet route hijacking. The vulnerabilities these recommendations were intended to address continue to be exploited, so the issue has urgency, notes the FCC.
The commission’s third Communications Security, Reliability and Interoperability Council adopted the suggestions, which are voluntary. The recommendations included an anti-bot code of conduct to mitigate the proliferation of distributed denial of service attacks, steps to better secure the Domain Name System through incremental implementation of DNSSEC, and steps to strengthen the security of the Internet’s interdomain routing infrastructure. CSRIC III also recommended that the FCC encourage ISPs to implement source-address filtering to prevent attackers from spoofing IP addresses to launch DDoS attacks.
In a meeting of the CSRIC III in June, FCC Public Safety & Homeland Security Bureau Chief Rear Admiral David Simpson reiterated Chairman Wheeler’s call for a “‘new paradigm’ of proactive, measurable, accountable, business-driven risk management for communications security and reliability.” The new approach, said Simpson, is a substitute for traditional regulation that is more dynamic than complying with rules and more effective than blindly trusting the market.
“The ‘new paradigm’ approach is different, and it is more challenging, because if it is going to succeed, it will rely primarily on your action. This is the case both in developing best practices and risk management processes in the first place, and then in following through with meaningful, measurable, demonstrable implementation,” said Simpson.
The commission seeks comments from ISPs, the Internet community, consumer groups and the public on the implementation and effectiveness of the CSRIC III recommendations and/or on alternatives. Interested parties are invited to comment by Sept. 26, submitting input by email directly to the Associate Bureau Chief for Cybersecurity and Communications Reliability, Jeffery Goldthorp, with a copy to the Deputy Chief of the bureau’s Cybersecurity and Communications Reliability Division, Lauren Kravetz.