Working Group 7: Botnet Remediation
Status Update
June 6, 2012
Michael O’Reirdan (MAAWG) – Chair
Peter Fonash (DHS) – Vice-Chair
WG 7 Objectives
Working Group 7 – Botnet Remediation Description: This Working Group will review the efforts undertaken within the international community, such as the Australian Internet Industry Code of Practice, and among domestic stakeholder groups, such as IETF and the Messaging Anti-Abuse Working Group, for applicability to U.S. ISPs. Building on the work of CSRIC II Working Group 8 ISP Network Protection Practices, the Botnet Remediation Working Group shall propose a set of agreed-upon voluntary practices that would constitute the framework for an opt-in implementation model for ISPs. The Working Group will propose a method for ISPs to express their intent to opt into the framework proposed by the Working Group.
The Working Group will also identify potential ISP implementation obstacles to the newly drafted Botnet Remediation business practices and identify steps the FCC can take that may help overcome these obstacles.
Finally, the Working Group shall identify performance metrics to evaluate the effectiveness of the ISP Botnet Remediation Business Practices at curbing the spread of botnet infections.
WG 7 Members
Name | Organization
Michael O'Reirdan (Chair) | MAAWG
Peter Fonash (Vice Chair) | DHS
Robert Thornberry (Editor) | Alcatel-Lucent
Michael Little | Applied Communications Sciences
Alex Bobotek | AT&T
John Denning | Bank of Amer.
Neil Schwartzman (Secretary) | CAUCE
Chris Lewis | CAUCE
Michael Glenn | CenturyLink
Paul Diamond (Editor) | CenturyLink
Jay Opperman | Comcast
Matt Carothers | Cox
Gunter Ollmann | Damballa
Brian Done | DHS
Daniel Bright | EMC Inc
Mats Nilsson | Ericsson
Kurian Jacob | FCC
Vern Mosley | FCC
Bill McInnis | IID
Chris Sills | IID
Tim Rohrbaugh | Intersections
Barry Greene | ISC
Merike Kaeo | ISC
Ed White | McAfee
Kevin Sullivan | Microsoft
Jon Boyens | NIST
Craig Spiezle | OTA
Bill Smith | PayPal
Gabe Iovino | REN-ISAC
Johannes Ullrich | SANS Institute
Adam O'Donnell | Sourcefire
Alfred Huger | Sourcefire
Greg Holzapfel | Sprint
James Holgerson | Sprint
Michael Fiumano | Sprint
Kevin Frank | Sprint
Maxim Weinstein | StopBadware
Patrick Gardner | Symantec
Tice Morgan | T-Mobile
John Griffin | TCS
Chris Roosenraad | TWC
Joe St Sauver (Glossary) | Univ of Oregon/Internet 2
Robert Mayer | USTelecom Assoc.
Eric Osterweil | Verisign
John St. Clair | Verizon
Timothy Vogel | Verizon
Work Plan
Phase 1: Based on CSRIC II output, MAAWG recommendations and IETF draft, produce initial Code of Conduct
Phase 2: Identify Barriers to Code Participation
Phase 3: Develop Bot Metrics
Status
Phase 1: U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs) completed
– ISPs representing 86% of the U.S. residential subscriber market are either currently participating, or have agreed to participate, in the Code
– Efforts underway to reach out to the smaller ISPs to increase awareness and participation
Identification of Code Barriers
• Work in progress to:
– identify potential ISP implementation obstacles to the voluntary U.S. Code of Conduct for ISPs,
– identify steps the FCC can take that may help overcome these obstacles, and
– develop a framework to assist smaller ISPs in identifying and overcoming potential barriers to Code participation
Code Metrics
• Work in progress to:
– identify performance metrics to evaluate the effectiveness of following the voluntary U.S. Anti-Bot Code of Conduct for ISPs at curbing the spread of botnet infections
Challenges
• Metrics work is proving extremely challenging
• Australian iCode is only now starting work on developing metrics after two years of operation
• Likely outcome is a work plan for developing metrics
Multi-Stakeholder Approach to Cybersecurity
[Diagram of stakeholders: ISPs, End Users, App Dev., AV Vendors, Platform Vendors, e-Commerce Orgs., Critical Infra., OS Vendors, Enterprises, Int’l Partners, Research Inst., Gov’t D/As, Regulators, Web Hosts, Content Providers, Privacy Advocates]
• ISPs are in a position to detect botnets operating within their networks and notify end-users of suspected bot infections
• Other members of the Internet ecosystem have equally important roles to fulfill
• A multi-stakeholder approach is necessary in order to fully combat the botnet threat
Next Steps
• Determine long-term administration of Code participation
• Continue Phase 2 – Identification of Barriers to Code Participation
• Continue Phase 3 – Effectiveness Metrics
• Deliver final report on Anti-Bot Code of Conduct – Barriers and Metrics – in December 2012