FCC Targets Botnets With New Anti-Bot Code Of Conduct


Share this Post

With one of every ten computers in the United States infected by bots, botnets have officially become enough of a menace/threat/foe to the U.S. government that its launching an initiative to reduce their number.

Announced earlier today, The Online Trust Alliance joined a unanimous vote at the Federal Communications Commission's council for communications security, approving the voluntary U.S. Anti-Bot Code of Conduct for Internet Service Providers. You ready for this? The shorthand version of the bill is known as "the ABCs for ISPs." Cute, isn't it?

As a member of the council appointed by FCC Chairman Julius Genachowski, the OTA has been working with the FCC and leading ISPs to develop this voluntary Code in order to help protect the infrastructure of the country's communications as well as consumer data. Bots, as you may or may not know, can be deployed to do anything from send out spam to eavesdrop on network traffic to swiping passwords from users.

"Today is an example of the importance of self-regulatory efforts to help improve the safety and performance of the internet," said Craig Spiezle, executive director and President of the Online Trust Alliance. "Sustainable solutions to contain bots must include all stakeholders in efforts to detect, prevent, and remediate these threats."

Chairman Genachowski added, "The recommendations approved today identify smart, practical, voluntary solutions that will materially improve the cyber security of commercial networks and bolster the broader endeavors of our federal partners."

The development of the ABCs for ISPs was developed over the past 12 months with the participation of trade associations and companies, including OTA members PayPal, Microsoft, Symantec, and Internet Identity, and leading ISPs, including Comcast and CenturyLink. Approximately 29% (or 23 million) of all U.S. households that have broadband service will gain added protection from ISPs who have adopted the Anti-Bot Code of Conduct. Focusing on residential users, the Code includes five areas of focus for ISPs: education, detection, notification, remediation, and collaboration (EDNRC? Doesn't quite follow in line with the previous acronyms).

To participate in the Code, ISPs will be required to complete at least one activity in each of those five areas:

  • Education - an activity intended to help increase end-user education and awareness of botnet issues and how to help prevent bot infections;
  • Detection - an activity intended to identify botnet activity in the ISP's network, obtain information on botnet activity in the ISP's network, or enable end-users to self-determine potential bot infections on their end-user devices;
  • Notification - an activity intended to notify customers of suspected bot infections or enable customers to determine if they may be infected by a bot;
  • Remediation - an activity intended to provide information to end-users about how they can remediate bot infections, or to assist end-users in remediating bot infections;
  • Collaboration - an activity to share with other ISPs feedback and experience learned from the participating ISP's Code activities.
  • Future OTA reports will track adoption, highlighting those ISPs who have asserted their implementation of the Code. As independent organizations committed to enhancing online trust and confidence, ISPs are encouraged to report to OTA. Future reports will include the adoption of similar efforts by other stakeholders and industry segments. Additional information and the link to the Code are posted at https://otalliance.org/botnets.html.