On Friday, the U.S. Departments of Commerce and Homeland Security released a draft report on enhancing resilience against botnets.
The report was in response to a May 2017 executive order by the Obama administration to strengthen the cybersecurity of federal networks and critical infrastructure.
U.S. infrastructure is highly vulnerable, was Joseph Demarest, the [FBI’s Assistant Director of the Cyber Division [testifying before Congress in 2014](https://www.fbi.gov/news/testimony/taking-down-botnets saying that “botnets have caused over $9 billion in losses to U.S. victims and over $110 billion in losses globally. Approximately 500 million computers are infected globally each year, translating into 18 victims per second.
What is a “Botnet”?
“Botnets” are linked internet-connected devices able to perform coordinated functions that use their collective computing power to overwhelm web systems. They are commonly used in “distributed denial of service” (DDoS) attacks to send innumerable requests at the target’s servers, knocking them offline.
Botnets have simplified the process of carrying out attacks. Previously, hackers needed large networks of computers to carry out attacks. Now, there are a lot more types of device to hack - almost all of which are much less secure.
Why Is the Government Worried?
According to AT&T research in 2016, 73 percent of companies that responded to a global survey reported at least one DDoS issue in the past year. They have also grown more powerful, and harder to fight, in the past few years.
This is largely due to the Internet of Things and its “poorly secured Internet-based security cameras, digital video recorders (DVRs), and Internet routers,” going mainstream, described Brian Krebs, an independent cybersecurity researcher and journalist.
Additionally, state-sponsored groups and state governments themselves have increasingly gotten into the field, with North Korea, Iran[https://www.reuters.com/article/us-usa-iran-cyber/exclusive-u-s-to-charge-iran-in-cyber-attacks-against-banks-new-york-dam-sources-idUSKCN0WP2NM], and China linked to attacks on U.S. infrastructure, banks, and media.
So, What Now?
The report lists a number of challenges and goals to increase the U.S.’s resiliency, including the need for more education and public awareness, international and cross-sector cooperation, and incentivizing the market from speed and cheap production, and towards security. It also asks for stakeholders’ comments in moving forward to address the challenges.
And, in the meantime, consumers can start taking some simple measures to protect ourselves: change your factory passwords, and make sure to update your software regularly.
Additional reporting by Inverse staff.