U.S. Gov’t Time Travels to 2009 to Fight Botnets; No One Cheers

Written by Malcolm James on October 10, 2011

In a shocking development for anyone still living in 2009, this week the U.S. Government has decided to tackle botnets head-on. Some have speculated that a high-up mucky-muck over at DHS thought it would be ‘a pretty neat thing to do,’ considering the timing (Hugh Jackman’s Rocky reboot robot revival Real Steel also hit theatres this week). While government spokespeople deny rumors that Optimus Prime is involved in this radical move, most ISPs are groaning, rolling their eyes, and wondering where they put their contact information for Megatron.

Sigh. In a world of the mundane, the lamest is the King of nothing special. Once again this week, the U.S. Government proved that axiom and their incessant ability to underwhelm when it comes to the ever-heated battle of the botnets. Multiple reports have cited the Department of Homeland Security (DHS), National Institute for Standards and Technology (NIST), and others as generating a wormhole in space-time this week and stepping back into 2009, when and where they encouraged ISPs to adopt a code of conduct for preventing, detecting, and dealing with botnet activity.

Okay, the wormhole may be a stretch, but perhaps you now understand the tone of this article. This baffling move on the part of the government is strange, uncomfortable and highly inappropriate, for several reasons. First, it’s not and never should be the role of government to ‘gently suggest’ (i.e., threaten to legislate) best practices in a business and technology they know nothing about. Let’s face it: the U.S. Government has problems of its own without pointing out to someone else that their fly  is open. If you doubt me, look here, here, and here.

Second – and not to sound like a conspiracy theorist – but any time there’s a threat of the government sticking its fingers into people’s personal information, one cannot help but feel uncomfortable. In a request for information on the Federal Register on a voluntary ‘Code of Conduct,’ DHS said that one possible suggestion was to “encourage ISPs to send consumer support queries to a centralized consumer resource center that could be supported by a wide number of players. Such a resource center could reduce the burden on corporate customer support centers by pooling resources.” If you’re anything like me, reading that passage is probably giving you an irritating twitch in your right eye just now.

Finally, and most importantly, if one is to take a leadership role, one actually must…uhm, how can I put this delicately? Lead. There it is. The fact is, what the U.S. Government is trying to do seems like a severe act of self-deprecation, if the purpose of the meeting this week was to point out to the world that they weren’t aware that the ISPs have been doing just fine, thank you very much, in dealing with botnets over the past few years. Writes Kelly Jackson Higgins on Dark Reading: “ISPs such as Comcast, which two years ago was one of the first to employ a bot-notification service, notify customers whose machines they spot as bot-infected. Comcast’s free Constant Guard Security program directs the infected user to the antivirus center, where he follows directions to remove the bot malware.”

Fortunately, I’m not the only one who sees it that way. In fact, there’s a long line of private sector organizations who are ready to tell the government to keep their greasy paws off of something they know nothing about: “The Messaging Anti-Abuse Working Group (MAAWG), which is made up of ISPs, email providers, and security vendors including AT&T, Cisco, McAfee, Facebook, and Verizon, sees the federal effort as unnecessary and redundant, and is balking at the idea of the government legislating how ISPs handle bot-infected customers.”

Boo-yah! No kidding. No one can blame the ISPs for getting antsy when government suggests a central repository (it incites thoughts of a suppository. Just saying.) for information on their clients – us – and I can’t see this one going too far, based on early reactions from the non-government players.

So where does that leave us? Well, we can’t dismiss some of the information that came out of this event. According to press release from NIST, there are an estimated 4 million new botnet infections each month. The White House’s Cybersecurity coordinator pointed out in his keynote address that fighting these infections “requires a combination of efforts in which everyone has a role to play.”

Great, now get out of the way and let the ISPs do what they do best.

Comments

Stewart Brocklin October 12, 2011

I think it’s necessary for the government to make a unified push to stop botnets, but they should be lauding and offering their support to what ISPs are already doing, not making mandates and legislations to tell them what needs to be done. They know, they’ve been doing it. Not every industry requires government intervention, but they could certainly use the support to criminally prosecute what they can find.

Jamie Campbell October 12, 2011

Stewart,

By all means all cyber criminals should be prosecuted and the function of governing bodies should be to continue to provide law enforcement and judicial support. Unfortunately, the reality is that governments sometimes tend to try to ‘own’ something once they take an active interest in it, and this is one of those instances where the U.S. Government could quickly and unnecessarily overstep their responsibilities.

Papa Joe Monroe October 14, 2011

The US government knows which legislation or law is the best for its citizen and businessmen. America is not the most economically powerful country in the world if it does not know what its doing. We should leave the government do its job instead of criticizing it.

We should sit back and wait where this could lead us. I own a small IT business and I have a complete trust to Obama’s plans for the country. I just hope they’ll enforce their plans sooner.

Jamie Campbell October 14, 2011

Papa Joe,

Thanks for your thoughts. We’ll have to disagree on the responsibilities of government and where they should and shouldn’t stick their noses, but your trust of the current administration is impressive.

  • (required)
  • (required)