NIST issues draft report on Internet and communications ecosystem resilience
- Published: Monday, 08 January 2018 16:13
NIST has published a draft report, written by the US Departments of Commerce and Homeland Security, which looks at ‘Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats’.
The draft report establishes goals and proposes actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, ‘Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure’.
Comments on the draft report are requested, with a deadline of February 12th 2018. NIST has also announced a public workshop on February 28th and March 1st for further discussion of the comments.
The abstract for the report reads as follows (verbatim):
This draft report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order called for “resilience against botnets and other automated, distributed threats,” directing the Secretary of Commerce, together with the Secretary of Homeland Security, to “lead an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets). The Departments of Commerce and Homeland Security worked jointly on this effort. They determined that the opportunities and challenges in working toward dramatically reducing threats from automated, distributed attacks can be summarized in six principal themes:
- Automated, distributed attacks are a global problem.
- Effective tools exist, but are not widely used.
- Products should be secured during all stages of the lifecycle.
- Education and awareness is needed.
- Market incentives are misaligned.
- This is an ecosystem-wide challenge.
The Departments identified five complementary and mutually supportive goals that would dramatically reduce the threat of automated, distributed attacks and improve the resilience of the ecosystem. A list of suggested actions for key stakeholders reinforces each goal. The goals are:
Goal 1: Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace.
Goal 2: Promote innovation in the infrastructure for dynamic adaptation to evolving threats.
Goal 3: Promote innovation at the edge of the network to prevent, detect, and mitigate bad behavior.
Goal 4: Build coalitions between the security, infrastructure, and operational technology communities domestically and around the world.
Goal 5: Increase awareness and education across the ecosystem.