[kictanet] Fw: [AfrICANN-discuss] US ISPs commit to new cybersecurity measures

Harry Delano harry at comtelsys.co.ke
Fri Mar 23 15:24:04 EAT 2012 

Alice Best,

 

At best, this offers an insight into how such a sensitive measure can be
best handled - approached with all sensitivity/transparency observed -
laying 

out clear parameters of what is being targeted and what needs to be
achieved. Something akin to a PPP initiative - like Kenic, which has worked
so 

well in our context.

 

We need to adopt a similar 'non-opaque' approach in the development of the
current National Firewall. To date all information out in the public 

domain is quite vague and only serve to feed a lot of fodder to the rumor
mill doing rounds and might just throw a spanner into the works of

an otherwise good initiative.

 

CCK needs to come out clearly and state:-

.         Precisely what this National firewall is for and what is meant to
do. 

.         How transparently it will implement this and what data will be
affected, and at what point.

.         How it plans to develop partnerships to move this forward, and
avoid ultimatums to service providers..

.         We are still waiting.

 

Harry

 

From: kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke
[mailto:kictanet-bounces+harry=comtelsys.co.ke at lists.kictanet.or.ke] On
Behalf Of alice at apc.org
Sent: Friday, March 23, 2012 12:33 PM
To: harry at comtelsys.co.ke
Cc: KICTAnet ICT Policy Discussions
Subject: [kictanet] Fw: [AfrICANN-discuss] US ISPs commit to new
cybersecurity measures

 


US ISPs commit to new cybersecurity measures


The recommendations from an FCC advisory committee target botnets, domain
name fraud and Internet route hijacking


By Grant Gross 


http://www.csoonline.com/article/702666/us-isps-commit-to-new-cybersecurity-
measures

March 22, 2012 - IDG News Service - A group of U.S. Internet service
providers, including the four largest, have committed to taking new steps to
combat three major cybersecurity threats, based on recommendations from a
U.S. Federal Communications Commission advisory committee.

The ISPs, including AT&T, Comcast, Time Warner Cable and Verizon
Communications, committed Thursday to implement measures to fight botnets,
domain name fraud and Internet route hijacking. The FCC's Communications,
Security, Reliability, and Interoperability Council (CSRIC) adopted the
recommendations for voluntary action by ISPs the same day.

Eight wired and wireless ISPs, representing about 80 percent of the
broadband subscribers in the U.S., are members of CSRIC
<http://transition.fcc.gov/pshs/advisory/csric/members.html>  and signed on
to the recommendations. 

"These actions will have a significant positive impact on Internet
security," FCC Chairman Julius Genachowski said. "If you own a PC, you'll be
significantly better protected against your computer [being] taken over by a
bad actor, who could destroy your private files or steal your personal
information. If you shop or bank online, you'll be significantly better
protected against being directed to an illegitimate website and having your
credit card number stolen."

The recommendations preserve the open architecture of the Internet and
protect Internet users' privacy, Genachowski said.

The CSRIC recommendations embraced by the ISPs include an antibot code of
conduct. ISPs agreed to educate customers about botnets and to take steps to
identify botnet activity on their networks. ISPs will also warn customers
about botnet infections on their computers and offer assistance to customers
with compromised computers, under the code of conduct.

The ISPs also committed to implement a set of best practices to secure the
Internet's Domain Name System by implementing DNSSEC, a set of secure
protocol extensions designed to prevent DNS spoofing.

CSRIC also recommended that the Internet industry develop an Internet
Protocol-route highjacking framework, including new technologies and
practices to limit the number of times that Internet traffic is misdirected.

T-Mobile USA, one of the ISPs signing on to the recommendations, called
cybersecurity an "extremely important issue." The company supports
voluntary, industrywide deployment of DNSSEC, T-Mobile said in a statement.

ISPs will need help from other Internet companies to implement the security
measures, said Bob Quinn, AT&T's senior vice president for federal
regulatory affairs. 

"DNSSEC is predicated upon a chain of trust across the Internet," he wrote
in a blog post
<http://attpublicpolicy.com/cybersecurity/cybersecurity-and-the-fccs-csric-r
ecommendations/> . "[CSRIC] recommends that key industry segments such as
banking, healthcare and others sign their respective domains and that
software developers, such as web-browser developers, study how and when to
incorporate DNSSEC validation functions into their software."

The botnet recommendations see a "significant role" for other companies,
including security software vendors and operating system developers, he
added. "Keeping the Internet safe for consumers to browse, transact business
and communicate is an important objective not only for AT&T but any other
business that operates online," he wrote.

Grant Gross covers technology and telecom policy in the U.S. government for
The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail
address is grant_gross at idg.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20120323/4e5bab5d/attachment.htm>

More information about the KICTANet mailing list