A partnership between federal agencies and nine trade groups and nonprofits released a voluntary code of conduct today to fight botnets, or networks of infected computers that spread spam and malware.
The Industry Botnet Group (IBG) — coordinated by the White House Cybersecurity Office and the Departments of Commerce and Homeland Security — has posted nine broad principles in fighting botnets, including coordination of cyber responsibilities across sectors and reporting lessons learned.
“I think like many things in cybersecurity, this is much larger than one company, any specific country, any specific government or individual,” said Howard Schmidt, the White House’s cyber coordinator, at an event today at the White House, addressing industry groups. “That’s why it’s so important we get it right.”
Botnets consist of infected computers that are controlled remotely, with each computer turned into a “bot” or “zombie.” The computers are then used to attack websites and distribute more malware. Schmidt said about 1 in 10 computers in the United States are infected.
The code of conduct released today “charts a new course for all multi-stakeholders to implement an industry-wide, nationally-focused and globally-aware plan to address botnet threats,” Schmidt said.
The code also endorsed flexibility in addressing cyber threats and promoted innovative approaches.
The IBG was formed in September 2011 after Commerce and DHS issued a request for information on the best ways to combat botnets.
“This partnership reminds me a little bit of a potluck dinner. We sent out the invitations and provided a nice venue, and you did all the cooking,” said Patrick Gallagher, the director of Commerce’s National Institute of Standards and Technology.
Government partners today also outlined other botnet-combatting initiatives. For example, NIST is offering a workshop to define, measure and assign roles and responsibilities in fighting botnets. It was the first workshop of its kind from NIST to create a “technical toolbox” to address the botnet problem, Gallagher said.
Several IBG members are also launching a public education campaign today called Keep a Clean Machine.
The agency and industry efforts won’t be enough, however, without a legislative framework, said DHS Secretary Janet Napolitano.
The Senate is considering a long-awaited comprehensive cybersecurity bill. The proposal — known as the Cybersecurity Act of 2012 — would require DHS to assess risks in critical infrastructure and establish information-sharing standards between the public and private sectors.
Napolitano said the bill reflects “a growing awareness in a bipartisan way” that legislative action is urgently needed.