Internet-service providers including Comcast,
Cox Communications and others
have committed to a Federal Communications
cybersecurity code of conduct, including
rolling out a Domain Name Security
System (DNSSEC, following Comcast’s lead), and helping
consumers should malware infect their computers.
Robert Fleischman is chief technology officer of Xerocole,
which provides DNS security software to ISPs, as well as
a technology commentator for New Hampshire Public
Radio. He spoke with Multichannel News Washington
bureau chief John Eggerton and offered advice for cable
operators and other ISPs about the roadblocks to consider
on the way to that more secure online future.
MCN: What was your
reaction to the FCC’s
announcement that major
ISPs had agreed to
the voluntary codes of
Robert Fleischman: I was
excited to see it because
what it really says to the
ISPs is that these are serious
issues that everyone
should address, so
we are going to put it on
your 12-month plan, not
“maybe someday we’ll do it five years from now.”
MCN: What’s the next step?
RF: I think the next step is to come up with a plan for a bot
information system. How are we going to, as a company, have
a system that scales and doesn’t cost us $1 million? Second,
what is our long-term plan for implementing [DNS security]?
MCN: What are the challenges to implementing botnet
protection and domain name security?
RF: At the high level, the first challenge is that customers tend
to get infected by things. The attacks are very sophisticated and
the goal of these botnets is to command and control a large
number of home PCs.
MCN: How will this code of conduct help cable operators
deal with those challenges?
RF: Providers have done relatively little to date. Now they have
agreed to be proactive, to make an attempt to detect when
their network has been affected, and do what they can to alert
the owner of the PC.
But the challenge to doing that is that it is not a trivial
thing. You basically have to keep track of what’s going on
in your network, and monitor other data feeds. And when
you discover a customer has been affected, you have to notify
them. And in general you want that to be somewhat automated.
My company and others provide solutions to that.
MCN: What about domain name security?
RF: That is the idea of adding cryptography to DNS [domain
name systems], which maps names into locations on the Internet.
The problem DNSSEC tries to fix is tricking people into
thinking they are going to one site when they are really going
to another. Two things to think about is that the people who
own a domain name have to put the cryptographic signature
in the DNS, and the providers have to agree to check those
signatures if they are there. What the [code] says is that providers
will start enabling the checking of signatures.
MCN: What do you think is the biggest challenge for cable
operators in implementing this?
RF: There is not much revenue to be produced by doing these
things. As you know, carriers don’t usually jump up and down
about things that don’t make them any money.