U.S. Government Releases Report on IoT Botnets and Other Distributed Attacks
The Departments of Homeland Security and Commerce released on May 30, 2018, their report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats ("Report"). The Report, which responds to the President's May 11, 2017, cybersecurity Executive Order, comes a week after the FBI issued a warning about a sophisticated botnet that infected home networks worldwide. It concludes that the challenges in reducing botnets and other distributed threats targeting the internet of things ("IoT") can be summarized around six basic themes:
- Distributed attacks are a global problem, with many of the compromised devices located outside the United States.
- Although effective tools to combat botnets exist, they are not widely used during product development and deployment.
- Security challenges arise at all stages of a product's lifecycle, from initial deployment to vulnerabilities that require patching to continued use after vendor support ends.
- Consumers and some enterprise users often are unaware that their devices may play a role in botnet attacks and do not understand how to use available controls.
- Market incentives motivate manufacturers and vendors to minimize cost and time to market, often at the expense of security.
- Addressing distributed attacks is a challenge for the entire ecosystem, and no single actor can adequately protect against them.
The Report calls on the government, industry, and users to collaborate on investments and actions to mitigate this threat. It recommends 24 actions, which include establishing international standards for the security of IoT devices; wider adoption of tools to reduce the incidence of vulnerabilities in commercial software; expanded information-sharing of actionable threat information among internet service providers, the government, and other stakeholders; development of best practices for traffic management; and increasing awareness through mechanisms such as product labeling.
The Departments of Homeland Security and Commerce commit to developing, in coordination with industry and international partners, an initial road map to prioritize actions and then to support implementation of that road map by fostering private-sector leadership and coordination and helping to lead international engagement.
For further information, please contact your principal Firm representative or the lawyers listed below. General email messages may be sent using our "Contact Us" form, which can be found at www.jonesday.com/contactus/.
Samir C. Jain
Richard M. Martinez
Jones Day publications should not be construed as legal advice on any specific facts or circumstances. The contents are intended for general information purposes only and may not be quoted or referred to in any other publication or proceeding without the prior written consent of the Firm, to be given or withheld at our discretion. To request reprint permission for any of our publications, please use our "Contact Us" form, which can be found on our website at www.jonesday.com. The mailing of this publication is not intended to create, and receipt of it does not constitute, an attorney-client relationship. The views set forth herein are the personal views of the authors and do not necessarily reflect those of the Firm.