FCC chairman calls on ISPs to adopt new security measures

Broadband providers should notify subscribers when their computers are infected with malware, Genachowski says

U.S. Internet service providers should take new steps to protect subscribers against cyberattacks, including notifying customers when their computers are compromised, the chairman of the U.S. Federal Communications Commission said Wednesday.

FCC Chairman Julius Genachowski called on ISPs to notify subscribers whose computers are infected with malware and tied to a botnet and to develop a code of conduct to combat botnets. Genachowski also called on ISPs to adopt secure routing standards to protect against Internet Protocol hijacking and to implement DNSSEC, a suite of security tools for the Internet's Domain Name System.

If ISPs don't take these steps, they will risk a backlash from subscribers who have lost trust in online commerce, Genachowski said in a speech at the Bipartisan Policy Center, a Washington, D.C., think tank.

"The cyberthreat is growing," he said. "If we fail to tackle these challenges, we will pay the price in the form of diminished safety, lost privacy, lost jobs and financial vulnerability -- billions of dollars potentially lost to digital criminals."

The problems of botnets, IP hijacking and domain name fraud, and potential solutions, were priorities identified by the FCC's Communications Security, Reliability and Interoperability Council and other participants, Genachowski said.

ISPs can help battle botnets by detecting infections on subscribers' computers and notifying them of the problems, he said. Botnets, often used to launch cyberattacks, can control millions of computers, he said. "Botnets have been central to a very large percentage of the website crashes you've heard of, and that you haven't," he said.

To fight IP hijacking, ISPs should support the development of secure routing standards and implement them when ready, Genachowski said. The cost of implementation can be minimized by putting the standards in place during routine hardware and software upgrades, he said.

DNSSEC, developed by the Internet Engineering Task Force, can help prevent domain name fraud, "but adoption in the private sector has been slow," Genachowski added. One major U.S. ISP has implemented DNSSEC, and Genachowski called on others to do so.

ISP Comcast said it supports the FCC in calling for industry-led solutions to cybersecurity problems. Comcast will continue to work with the FCC and other groups on cybersecurity, Kyle McSlarrow, president of Comcast/NBCUniversal's Washington operations, wrote in a blog post.

"Comcast agrees with Chairman Genachowski that protecting American consumers, businesses and governments from cybersecurity threats should be a global priority," McSlarrow wrote. "To be effective, everyone who is a part of the Internet ecosystem must play a meaningful role in ensuring that private and government networks, and personal computers and devices are secured."

The American Cable Association, representing small and medium-sized ISPs, praised Genachowski for "emphasizing the need for the development of practical solutions" to minimize cybersecurity threats.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

More about Comcast CableFCCFederal Communications CommissionIDGInternet Engineering Task ForceSEC

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts