Today, the U.S. Department of Commerce and the U.S. Department of Homeland Security released a draft report to President Trump in response to the May 11, 2017, Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.
“Cybersecurity is perhaps one of the most serious threats we face,” said Secretary Ross. “President Trump understands the necessity of strengthening our networks and this Administration is doing everything in its power to prevent bad actors from infiltrating our critical cyber infrastructure.”
The report, which was created with broad input from stakeholders and experts, summarizes the opportunities and challenges in reducing the botnet threat and offers supporting actions to be taken by both the government and private sector in order to reduce the threat of automated cyber-attacks. The report lists five complementary goals that would improve the resilience of the ecosystem:
- Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace
- Promote innovation in the infrastructure for dynamic adaptation to evolving threats
- Promote innovation at the edge of the network to prevent, detect, and mitigate bad behavior
- Build coalitions between the security, infrastructure, and operational technology communities domestically and around the world
- Increase awareness and education across the ecosystem
“Botnets represent a system-wide threat that no single stakeholder, not even the federal government, can address alone,” said Walter G. Copan, Under Secretary of Commerce for Standards and Technology and Director of the National Institute of Standards and Technology. “The report recommends a comprehensive way for the public and private sectors, as well as our international partners, to work together and strengthen our defenses.”
“Botnets threaten to undermine the internet ecosystem as well as the promise of next-generation technologies,” said Assistant Secretary for Communications and Information and NTIA Administrator David Redl. “This report clearly demonstrates the urgency of the problem and this Administration’s commitment to taking on these threats and creating a more secure and sustainable internet.”
The report identifies six principal themes:
- Automated, distributed attacks are a global problem.
- Effective tools exist but are not widely used.
- Products should be secured during all stages of the lifecycle.
- Education and awareness are needed.
- Market incentives are misaligned.
- Automated, distributed attacks are an ecosystem-wide challenge.
The Department of Commerce is requesting comment on the report, seeking a response to the issues raised and goals it identifies, as well as the proposed approach, current initiatives, and next steps.
Following the comment period, the Department of Commerce will host a two-day workshop to discuss a way forward. The workshop will be held February 28 and March 1 at the National Institute of Standards and Technology's National Cybersecurity Center of Excellence in Rockville, Md. A final report, incorporating comments and other feedback received, is due to the President on May 11, 2018.
All interested stakeholders are encouraged to comment on the draft report. Comments must be received by 5 p.m. Eastern Time on February 12, 2018. Written comments may be submitted by email to Counter_Botnet@list.commerce.gov.