On January 5, 2017, the U.S. Department of Commerce and the U.S. Department of Homeland Security released a draft report to President Trump in response to the Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure issued on May 11, 2017.
- A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats | PDF
The report, which was created with broad input from stakeholders and experts, summarizes the opportunities and challenges in reducing the botnet threat, and offers supporting actions to be taken by both the government and private sector in order to reduce the threat of automated cyber-attacks.
The report lists five complementary goals that would improve the resilience of the ecosystem:
1. Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace
2. Promote innovation in the infrastructure for dynamic adaptation to evolving threats
3. Promote innovation at the edge of the network to prevent, detect, and mitigate bad behavior
4. Build coalitions between the security, infrastructure, and operational technology communities domestically and around the world
5. Increase awareness and education across the ecosystem
The report identifies six principal themes:
1. Automated, distributed attacks are a global problem.
2. Effective tools exist, but are not widely used.
3. Products should be secured during all stages of the lifecycle.
4. Education and awareness is needed.
5. Market incentives are misaligned.
6. Automated, distributed attacks are an ecosystem-wide challenge.
Request for Comment
The Department of Commerce is requesting comment on the report, seeking a response to the issues raised and goals it identifies, as well as the proposed approach, current initiatives, and next steps.
Following the comment period, the Department of Commerce will host a two-day workshop to discuss a way forward. The workshop will be held February 28 and March 1, at the National Institute of Standards and Technology's National Cybersecurity Center of Excellence in Rockville, MD. A final report, incorporating comments and other feedback received, is due to the President on May 11, 2018.
All interested stakeholders are encouraged to comment on the draft report. Comments must be received by 5 p.m. Eastern Time on February 12, 2018. Written comments may be submitted by email to Counter_Botnet@list.commerce.gov.