President Obama declared March 4-10, 2012 as National Consumer Protection Week, building on a coordinated effort that encourages consumers nationwide to take full advantage of their consumer rights and make better-informed decisions. The Commerce Department is using this occasion to showcase the efforts of our Internet Policy Task Force, which is leveraging the expertise of several Commerce bureaus that are aimed at ensuring continued innovation in the Internet economy and preserving consumer trust in Internet commerce and online interactions. In particular, the Task Force continues to move forward in our work to promote new efforts that will lead to improved Internet privacy protection and better security for consumers online.
In September, the National Institute of Standards and Technology (NIST) and The National Telecommunications and Information Administration (NTIA) in cooperation with the Department of Homeland Security, released Request for Information (RFI) to focus on the growing concern around a specific Internet security risk related to "botnets."
While security risks on the Internet continue to exist in many areas, one increasingly exploited threat is the global rise of botnets. A botnet infection can lead to the monitoring of a consumer's personal information and communication, and exploitation of that consumer's computing power and Internet access. Researchers suggest an average of about 4 million new botnet infections occur every month.
In our RFI, we specifically asked about efforts to notify individual residential consumers who had experienced a botnet infection. We received over two dozen comments from a wide range of stakeholders with surprisingly similar views on combating this problem.
Last week, a new Industry Botnet Group (IBG), comprising trade associations, companies, and privacy and safety organizations announced that it would begin work on a number of short term goals to move forward on many of the ideas raised in the RFI response. In particular, the IBG plans to:
- Develop high-level principles for addressing botnets that can be incorporated by a broad spectrum of industry participants into a range of business models and initiatives.
- Develop a strategy to increase public awareness on botnets and related malware that includes a focus on prevention and remediation.
- Provide online resources that aggregate and leverage available consumer-focused information and tools related to the prevention and remediation of bot infection.
- Identify how to collect progress reports on the botnet environment and the effects of educational and other measures on the health of the ecosystem, beginning with an inventory of existing practices and initiatives with regard to botnet prevention and remediation.
Importantly, this work has been created and led by the widest range of players from the private sector, only bringing in government actors to partner with them on education and other efforts as needed.
NIST has now also announced that it will be holding a workshop on the Technical Aspects of Botnets on May 30. We hope that this event can bring together the leaders in technological efforts to fight botnets and allow the IBG and others to demonstrate progress made on work to address this critical threat.