FCC Announces Voluntary CyberSecurity Program
Urges ISPs to Follow Comcast's Lead on Botnets DNS Security
Last month FCC boss Julius Genachowski gave a speech in which he urged ISPs to beef up their security practices
, citing Comcast and CenturyLink as two companies that did things right in regards to handling botnets and other menaces. Yesterday Genachowski took things one step further by announcing
a new voluntary Cybersecurity program that urges ISPs to shore up security measures versus botnets, attacks on the Domain Name System (DNS), and Internet route hijacking.
To be clear, the FCC is recommending ISPs adopt programs most of them have already adopted. Comcast for example has been at the forefront of DNSSec upgrades
and walled garden botnet alert systems
since 2009. There have, as you might expect, been some stragglers on this front who don't want to spend the necessary funds to expand their network security efforts. AT&T, for example, recently stated
they had no interest in seriously beefing up their anti-botnet measures.
According to the FCC's program fact sheet
, the program is absolutely voluntary -- meaning that if ISPs aren't doing a good job now shoring up network security, this will change nothing. What it does is deliver a few quick political brownie points to the FCC, who in recent years has perfected these kind of "show pony" efforts (like our national broadband plan
) that say a lot but accomplish little. It also tries to pre-empt Cybersecurity laws pending in Congress. That may or may not be a good thing, depending on the proposed law and the level of technical insight of the author (in Congress, usually very low).
The effort may at the very least provide a framework (though most of it was established without the FCC's help
) for less competent ISPs to follow if they're seriously willing to invest the funds, though it's unlikely the politicians at the FCC can offer network insight most operators don't already possess. According to the agency, Time Warner Cable, Sprint, CenturyLink, Comcast, AT&T, Verizon, T-Mobile and Cox have all signed off on the program.
Re: give me the option of a completely unfiltered connection
said by thomas2011 :And who certifies you know what you are doing and are malware free? The ISP should take your word for that?
this may be fine for the mainstream to get machines virus free(if it really works)
but please we should also have an option of a completely open unfiltered/untouched IP connection for those people who can keep their own network or machines malware free.
The nine most terrifying words in the English language are, I'm from the government and I'm here to help.
| || I agree — there should definitely be a way to opt-out easily. The vast majority of the population who knows nothing about computers would not opt out, and they're usually the ones that require such protection anyways.|
For example, it does make sense if outgoing smtp port 25 is blocked by default, especially on residential connections; however, it should equally be possible to easily unblock it on request. Which is what currently happens with AT&T, and is a good practice, IMHO. (Although, to be fair, it seemingly does take some persistence to get someone on the line who can make the change, I've had no success trying to unblock it through online chat, but some second-tier tech support did it without a problem, even offering to setup rDNS.)
Re: Blind leading the lemmings... I wouldn't chalk that up to stupidity but probably more to different parts of the company pulling in different directions. If you were to ask and be able to get honest answers, I'd be willing to bet that things like DNSSEC were being pushed by the folks running the Internet division, and upper management, who is more oriented toward TV, likely simply nodded and went along, even though they probably didn't really understand it. OTOH, SOPA was probably being pushed by corporate because, as you know, Comcast either owns or is in bed with lots of TV programmers, but I'll bet that the Internet folks there hated the idea.