WASHINGTON March 5, 2012. Since our Broadband Breakfast Panel Discussion on “Cybersecurity Legislation in Congress: Where Does it Stand” a couple of weeks ago there have been some notable cybersecurity headlines that we wanted to update you on.
Since the panel, GOP Senators John McCain (R-Ariz.), Sen. Kay Bailey Hutchison (R-Tex.), Chuck Grassley (R-Iowa), Saxby Chambliss (R-Ga.), Lisa Murkowski (R-Ark.), Dan Coats (R-Ind.), Ron Johnson (R-Wisc.), and Richard Burr (R-N.C.) have co-sponsored a bill titled, The Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act that would use more incentives, rather than regulation, to spur companies to adopt cybersecurity measures.
Senator McCain believe that the legislation will focus on dealing with the real threat of cybersecurity attacks, “The SECURE IT Act strengthens America’s cybersecurity by promoting collaboration and information-sharing, updating our criminal laws to account for the growing cyber threat and enhancing research programs to protect our critical networks.”
Federal Communications Commission Chairman Julius Genachowski also chimed in on cybersecurity in the past couple of weeks and delivered a keynote address at a Bipartisan Policy Center event titled: Cyber Security: New Models for the Future.
Chairman Genachowski opened his remarks on by saying that the F.C.C. is working with providers and other stakeholders to tackle key threats to the nation’s cybersecurity. He issued a call for these stakeholders to take concrete steps to address three important issues: botnets, domain name fraud and route hijacking.
Genachowski explained that botnets are often used to launch cyber attacks, such as distributed denial-of-service attacks, which can bring sites down, making them unavailable to actual users. He went on to say that the average user has to be educated – that informing him or her means empowering to protect. But he also said that Internet Service Providers must increase customer awareness, detect and notify a customer of malware – all without compromising the customer’s privacy. Genachowski highlighted Comcast and CenturyLink as having best practices, and called on all providers to make an industry-wide code of conduct to combat botnets.
Internet route hijacking, when information can be read or stolen through unsecured border gateway protocols, was also mentioned by Genachowski. He urged network operators to “adopt secured routing standards” – which are currently being developed by engineers – as soon as they are ready for implementation.
Lastly, Genachowski mentioned domain name fraud, the practice that allows for the misdirection of users to fraudulent websites that look like the intended destination, inducing the user to divulge personal or financial information to the fraudulent site. The Internet Engineering Task Force, an independent open standards organization, has endorsed DNSSec, a DNS standard developed with privacy in mind, Genachowski said. He also endorsed DNSSec, but noted that while the Internet should be secure, it should also remain open. Genachowski lamented that DNSSec’s adoption in the private sector has been slow – despite its readiness – and urged all Internet Service Providers to adopt it.
In his address, Genachowski stated “if you shut down the Internet, you’d shut down the economy.” He stressed that the physical buildout of broadband would create hundreds of jobs, not to mention the online marketplaces that, once in place, this broadband would support.
Genachowski went on to say that broadband benefits went beyond jobs. Broadband allows for remote healthcare and education and can increase public safety via next-generation 911 technology and a nationwide interoperable first-responders’ network.
He said that both opportunity and challenge are created by the Internet – and that cybersecurity threats risk undermining these opportunities and will suppress broadband adoption. Genachowski emphasized that we should preserve the ingredients that have fueled the Internet’s success: freedom and openness, complementary privacy and security, and a multi-stakeholder model to find solutions to cybersecurity risks.