The Trump administration's botnet report launches a critical new phase in government-industry collaboration on cybersecurity, framed by a landmark effort to define roles and responsibilities -- and by enormous stakes.
“If this doesn't work, we're screwed,” commented one industry veteran of government-stakeholder engagements.
The cybersecurity challenge is growing amid increasingly sophisticated botnet and distributed denial of service attacks, the source said, “and there's more pressure on federal agencies to make things happen.”
With that in mind, the source said, “This is an important opportunity to show that industry can take the initiative, work with government and show results.”
Government officials highlighted the private-sector role in combating botnets, while other industry sources stressed the pivotal nature of the process that will be kicked off by the report's release on Wednesday.
“There are things the U.S. government can do, but there are limitations,” said Kent Landfield of McAfee. “They need to pull in the industry stakeholder community,” he said, adding that the government side heard and responded to that message.
“A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats” was crafted by the departments of Commerce and Homeland Security and fulfills a key requirement of President Trump's May 11, 2017 executive order.
Federal officials are also developing a “roadmap” on how botnet efforts will be organized and prioritized.
DHS Secretary Kirstjen Nielsen said in a statement: “Pursuant to President Trump’s Executive Order 13800, DHS has developed ways to improve our protection of the federal networks, work more collaboratively with our private sector partners, and reduce the threat of automated cyber-attacks from botnets. The work undertaken reflects months of extensive research and collaboration with the private sector."
“Automated, distributed threats are a systemic challenge that no one actor -- government or commercial -- can solve,” said David Redl, Commerce's assistant secretary for communications and information and National Telecommunications and Information Administration chief. “Over the past year, we heard from industry, government, academia and civil society on the importance of working together and developed a roadmap to protect the Internet from botnets. Now that we have itemized the challenges, we look forward to getting to work on concrete actions to accomplish these goals."
The report was expected almost three weeks ago, on the anniversary of the executive order, but “it was worth waiting for,” commented USTelecom senior vice president for cybersecurity Robert Mayer. “It took a little more time to get agreement between Commerce, DHS and the White House, but that's essential to a whole-of-government approach. This gives confidence to industry that [implementation] will be pursued in a uniform way without duplication.”
Mayer said the requirement in the report for a status update to the president in 365 days shows “a serious effort to track progress.” The report also signals a recognition that “regulation is too static,” Mayer said, and suggests government can play a “facilitating” role in addressing international aspects of the botnet challenge.
John Miller, the Information Technology Industry Council’s vice president of global policy and law, said in a statement: “We appreciate the administration’s work on this report and their attention to this issue. Successfully combating botnets and bolstering cybersecurity across the global digital economy will only happen if industry and government work together. We look forward to rolling up our sleeves and working with government and ICT partners to implement the recommendations in the report."
USTelecom and ITI have spearheaded a group -- the Council to Secure the Digital Economy -- that is “developing and promoting an international guide to anti-botnet baseline security practices for key segments within the ICT sector,” according to ITI.
The Cybersecurity Coalition, led by former White House cyber official Ari Schwartz, said in a statement that it “supports and agrees with the findings and recommendations of the Botnet Report. Specifically, the Coalition was encouraged by the report’s findings that public-private partnerships are critical to addressing the ongoing and growing threat automated, distributed threats present to the global cybersecurity ecosystem.”
Schwartz said: “DHS and Commerce put a lot of hard work into this report and the end-result is strong. The Cybersecurity Coalition wishes to thank them for this excellent report and looks forward to partnering with DHS, Commerce and the White House on the needed public-private partnership for its implementation.”
Telecommunications Industry Association senior vice president of government affairs Cinnamon Rogers issued a statement saying: “The open and transparent interagency process led by DHS and Commerce demonstrates the kind of clear and constructive coordination between government and industry that is vital to addressing ecosystem-wide security challenges in our increasingly connected world. We are encouraged by the emphasis the final report places on prioritizing recommended actions and look forward to building on this work with our government partners in the months ahead.” -- Charlie Mitchell (cmitchell@iwpnews.com)