Botnets can be described as a good idea turned bad. They are networks of connected computers and devices that have been hacked and are remotely controlled without the owner’s or user’s knowledge. A botnet can include computers and almost any unguarded Internet of Things (IoT) device, such as smart fridges, light bulbs or even smart door locks. A cybercriminal can gain access to and control these devices, completely unbeknownst to their owners.
In an effort to prevent the Federal network from falling prey to these forms of cyberattacks, the President signed an Executive Order on May 11, 2017, calling for improvements to the cybersecurity of both Federal and “Critical Infrastructure” networks. The Departments of Commerce and Homeland Security released a final report on May 22, 2018, to address this Executive Order. The report specifically responds to the call for “resilience against botnets and other automated, distributed threats.”
The report compiled a list of six opportunities and challenges associated with “automated, distributed attacks”:
“1. Automated, distributed attacks are a global problem. The majority of the compromised devices in recent noteworthy botnets have been geographically located outside the United States. To increase the resilience of the Internet and communications ecosystem against these threats, many of which originate outside the United States, we must continue to work closely with international partners.
2. Effective tools exist, but are not widely used. While there remains room for improvement, the tools, processes, and practices required to significantly enhance the resilience of the Internet and communications ecosystem are widely available, and are routinely applied in selected market sectors. However, they are not part of common practices for product development and deployment in many other sectors for a variety of reasons, including (but not limited to) lack of awareness, cost avoidance, insufficient technical expertise, and lack of market incentives.
3. Products should be secured during all stages of the lifecycle. Devices that are vulnerable at time of deployment, lack facilities to patch vulnerabilities after discovery, or remain in service after vendor support ends make assembling automated, distributed threats far too easy.
4. Awareness and education are needed. Home users and some enterprise customers are often unaware of the role their devices could play in a botnet attack and may not fully understand the merits of available technical controls. Product developers, manufacturers, and infrastructure operators often lack the knowledge and skills necessary to deploy tools, processes, and practices that would make the ecosystem more resilient.
5. Market incentives should be more effectively aligned. Market incentives do not currently appear to align with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks.” Product developers, manufacturers, and vendors are motivated to minimize cost and time to market, rather than to build in security or offer efficient security updates. Market incentives must be realigned to promote a better balance between security and convenience when developing products.
6. Automated, distributed attacks are an ecosystem-wide challenge. No single stakeholder community can address the problem in isolation.”
The Departments also generated several goals to aid in the reduction of the threats that today’s botnets pose. These goals include: the identification of a clear path toward a better technology marketplace; the promotion of a dynamic infrastructure to combat evolving threats; the continued improvement of the network’s prevention, detection, and mitigation of these attacks; the support of coalitions between security, operational, and infrastructural technology communities; and an increase in education and awareness about botnets.
In pursuing these goals, the Federal government will “dramatically reduce the threat of automated, distributed attacks.” Consumers should remain vigilant, watching for any suspicious emails or communications which could link their devices with a botnet or otherwise compromise their personal information or data security.