Public comment open as ISP association updates icode for new security threats

The Internet Industry Association (IIA) will accept public feedback for the next three weeks after completing its review of the icode – the ISP association’s voluntary code of conduct – with a view to a major update that will address mobile and other evolving security threats.

Originally launched in June 2010, the icode coordinates an industry-wide cyber-security response to provide a unified front in the fight against early identification and management of malware on Australian Internet services. Currently supported by over 30 ISPs representing over 90% of Australian Internet users, it is informed by initiatives such as the Australian Internet Security Initiative (AISI), which uses an ACMA-managed database to collate, identify and report on tens of thousands of malware threats each week.

The icode Review Taskforce’s effort to review and update the icode – which kicked off in July 2012 – is in large part driven by the emerging threat from mobile malware attacks, which have come front and centre as exploding mobile usage and corporate bring your own device (BYOD) programs draw the attention of malware authors the world over.

“We are in a very mobile environment given the number of tablets and smartphones, and moving to other devices out there,” IIA CEO Peter Lee told CSO Australia. “It’s important that the code is relevant to the devices that are connected to the Internet; all devices have the ability to be affected by malware.”

Among the proposed changes are adoption of the Domain-based Message Authentication, Reporting & Conformance (DMARC) anti-phishing initiative, which has been adopted by around 60% of global ISPs since it was established at the beginning of 2012.

Also on the agenda were active promotion of the AISI’s work, increased awareness of the predominance of email-borne Trojans, and several other initiatives flagged by the Department of Broadband, Communications, and the Digital Economy (DBCDE), which ran an icode review and delivered its icode Review Report with nine key recommendations.

Those recommendations include better use of quantitative data to measure the effectiveness of icode; clarification of what constitutes a ‘significant cyber security incident’; better collaboration between government and ISPs to improve communications around cyber-security events; that the term ‘Internet Service Provider’ be expanded to include mobile internet service providers; promotion of the icode Trustmark; clarification of when ISPs should notify customers once a compromised device is identified; timeframes for response; and more.

“While the icode is voluntary, there were some things within it that ISPs must do in relation to notifying and taking every step possible and reasonable to notify and work with customers believed to have an affected device, and to get that through to a point of resolution,” Lee said. “There’s a bit more within the code now that has been modified to reflect the obligations on ISPs and the actual objectives of the code.”

Public comments will be open until July 20, after which the IIA hopes to finalise the review within one or two months.

Join the CSO newsletter!

Error: Please check your email address.

Tags IIAsecurityISP associationmalwareiCodethreats

More about CSOIIAInternet Industry AssociationTrustmark

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts