Policy

NTIA Releases Cybersecurity Report

Is part of larger effort to collect input on attacks 9/18/2017 4:44 PM Eastern

The National Telecommunications & Information Administration has released a report on botnets, DDoS attacks and other cyber threats.

The report was based on over 40 responses to NTIA's request for comments on those attacks, which was issued  last June. A final report that incorporates the NTIA report is due to the President by May 11, 2018.

NTIA got 47 responses, including from NCTA-The Internet & Television Association, with what the agency said were several broad themes: addressing risks is a shared responsibility; distributed, automated attacks are linked to other threats; they are global and require international cooperation.

NTIA said the commenters "resoundingly" endorsed voluntary, consensus-based and community-led processes, including the National Institute of Standards & Technology and NTIA's privacy multistakeholder processes.

There were also strong voices against too large a regulatory role by government, but others said that the lack of existing security protectoin and the lack of market incentives to adopt them meant there was greater need for "policy interventions."

Securing Securing internet of things (IoT) devices was a big concern, as was just how that could happen with the not-yet-mature marketplace.

They agreed that "More tools and better, more widely adopted practices are needed." They also agreed that being able to get together on a solution was key. "Stakeholders emphasized the importance of information sharing and collaboration between infrastructure providers, defensive security services that protect against DDoS attacks, and the victims of these attacks," said the report.

NTIA said stakeholders held out hope for addressing botnets between the ISP and the device, and said that one place for "active" government involvement was disrupting networks generating distributed automated attacks.

A draft of the overall report, including input from a NIST workshop and a National Security Telecommunications Advisory Committee’s (NSTAC) Internet and Communications Resilience (ICR) subcommittee report on the issue,  will be released for public comment 30 days of public comment on Jan. 5, 2008.

Want to read more stories like this?
Get our Free Newsletter Here!