Big ISPs Convince FCC to Scrap CyberSecurity Program
Couldn't Agree to List of Voluntary Security Guidelines
Back in March of last year you might recall that the FCC announced
they had cooked up a new voluntary "cybersecurity" program designed to shore up and unify ISP responses to botnets and other security threats. The plan essentially just urged ISPs to voluntary follow a code of practice for shoring up security measures versus botnets, attacks on the Domain Name System (DNS), and Internet route hijacking. The recommendations simply nudged lazy and/or cheap ISPs to do things more security proactive ISPs like Comcast (at least in terms of DNS security) were already doing.
Fast forward a year and the program has now been scrapped entirely. According to the Wall Street Journal
, ISPs have managed to bicker their way out of any cybersecurity improvements whatsoever, voluntary or otherwise (the Journal repeatedly incorrectly describes them as regulations). Many don't want to to pay for security upgrades, may not want to be advertised as security incompetents, or in some cases just don't want to acknowledge any FCC authority over them given pending neutrality lawsuits:
"Any connection between the FCC and any statement of what needs to be done in cybersecurity appears to be poison to these companies that control the Internet," said Alan Paller, a co-chairman of the group and founder of the Sans Institute, a cybersecurity research and education institute (and member of the FCC cybersecurity panel)
Given the government's abuse
of the term "cybersecurity" and frequent general incompetence when it comes to technology, fear of new regulations on this front is understandable. But in this case, again, all this was was a list of recommendations many ISPs were already following, and may have been a useful nudge for those ISPs with a particular acumen for security incompetence.
Re: who needs security? Unified also means implementations are all the same, too.
So, that means good news for hackers, who will have an easier time than they already are at breaking into these 'cybersecure' places.
But, you know, letting people figure out what works for them and not having to do data collection for the government, that is just boulderdash, right?
We obviously need a *unified* program, because making up your own plan, and choosing not to share data with government - these people are obviously doing something wrong.