ISPs Adopt Cyber Security Recommendations

Cybersecurity advisor Richard Clarke is warning the U.S. that its major companies are being regularly infiltrated by Chinese hackers employed by the Chinese government to steal R&D.

Clarke said during an interview with the Smithsonian. “Every major company in the United States has already been penetrated by China. My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese.

“The U.S. government is involved in espionage against other governments,” he says flatly. “There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. We don’t do that.”

“I think it’s pretty clear that the United States government did the Stuxnet attack,” said Clarke in the Smithsonian interview.

In a TED Talk recorded in February 2011, a security expert stated that, “The leading force behind Stuxnet is the cyber superpower – there is only one; and that’s the United States.”

Clarke is promoting his recent book, Cyber War.

In related news, the FCC’s Communications, Security, Reliability, and Interoperability Council (CSRIC) unanimously approved the recommendations for the nation’s largest ISPs including AT&T, CenturyLink, Comcast, Cox, Sprint, Time Warner Cable, T-Mobile, Verizon, among others, to adopt cyber-security recomendations that address attacks on the Domain Name System (DNS), and Internet route hijacking. CSRIC’s mission is to provide security recommendations to the FCC.

Specifically, the advisory committee endorsed industry-based recommendations in each of these three areas,

  • Anti-Bot Code of Conduct — To reduce the threat of botnets in residential networks, CSRIC recommended a voluntary U.S. Anti-Bot Code of Conduct for Internet Service Providers (Anti-Bot Code). Under the Anti-Bot Code, ISPs agree to educate consumers about the botnet threat, take steps to detect botnet activity on their networks, make consumers aware of botnet infections on their computers, offer assistance to consumers whose computers are infected and collaborate with other service providers that have also adopted the Anti-Bot Code.
  • DNS Best Practices — CSRIC recommended that ISPs implement best practices to better secure the Domain Name System by using DNSSEC, a set of secure protocol extensions that prevent such fraudulent activity. This recommendation is a significant first step toward full DNSSEC implementation by ISPs and will allow users, with software applications like browsers, to validate that the destination they are trying to reach is authentic and not a spoofed website.
  • IP Route Hijacking Industry Framework — CSRIC recommended an industry framework to prevent Internet route hijacking, which is the erroneous routing of Internet traffic through potentially untrustworthy networks. CSRIC recommended that ISPs work to implement new technologies and practices to reduce the number of these events, thereby ensuring that users in the U.S. can be more confident that their Internet traffic will not be exposed to scrutiny by other networks, foreign or domestic, through misrouting.

60 Minutes ran an interview this month with Michael Hayden, former chief of the NSA and CIA, on the Stuxnet virus. Hayden has publicly called for legislators to harness the power of the NSA in fighting cyberattacks, saying the NSA has the ability to fight the war, now it needs the authorization to unleash it.

Related Dailywireless articles include; Russians Not Controling Springfield Water Pumps, Dueling Cyber Security Bills, SCADA: How Big a Threat?, Stuxnet: Year One, Cyber War: The New Frontier, Satellite Hacked?, Chinese Telecoms Investigated As Security Threat, Wireless Providers Team on AMR and SmartGrid.

Posted by Sam Churchill on .

Leave a Reply