Back in March of last year you might recall that the FCC
announced they had cooked up a new voluntary "cybersecurity" program designed to shore up and unify ISP responses to botnets and other security threats. The plan essentially just urged ISPs to voluntary follow a code of practice for shoring up security measures versus botnets, attacks on the Domain Name System (DNS), and Internet route hijacking. The recommendations simply nudged lazy and/or cheap ISPs to do things more security proactive ISPs like Comcast (at least in terms of DNS security) were already doing.
Fast forward a year and the program has now been scrapped entirely. According to the
Wall Street Journal, ISPs have managed to bicker their way out of any cybersecurity improvements whatsoever, voluntary or otherwise (the Journal repeatedly incorrectly describes them as regulations). Many don't want to to pay for security upgrades, may not want to be advertised as security incompetents, or in some cases just don't want to acknowledge any FCC authority over them given pending neutrality lawsuits:
"Any connection between the FCC and any statement of what needs to be done in cybersecurity appears to be poison to these companies that control the Internet," said Alan Paller, a co-chairman of the group and founder of the Sans Institute, a cybersecurity research and education institute (and member of the FCC cybersecurity panel)
Given the government's
abuse of the term "cybersecurity" and frequent general incompetence when it comes to technology, fear of new regulations on this front is understandable. But in this case, again, all this was was a list of recommendations many ISPs were already following, and may have been a useful nudge for those ISPs with a particular acumen for security incompetence.
·
·
·
