FCC chairman calls on ISPs to help fight cyber attacks

Federal Communications Commission Chairman Julius Genachowski wants Internet service providers to work with government and security experts to adopt voluntary standards to protect consumers from cyber attacks.

On Wednesday, the chairman gave a speech in Washington, D.C., in which he discussed voluntary measures that ISPs and other technology companies could take to help protect the public from three major cyber threats: botnets, domain name fraud, and IP hijacking.

"Cyber attacks pose a critical threat to our economic future and national security," he said in his speech. "If you shut down the Internet, you'd shut down our economy."

The chairman's remarks come on the heels of some very high-profile attacks on large corporations last year, including attacks on banking giant Citigroup and defense contractor Lockheed Martin. Now some lawmakers are pushing for more comprehensive cyber security legislation to beef up protection for computer networks of critical infrastructure. Last week, a bipartisan Senate bill was introduced that would require companies, such as power plants and electricity and water utilities, to have tougher defenses against cyber attacks.

But instead of proposing new laws or new regulations to help protect against these attacks, Genachowski said ISPs and other technology companies should adopt industry-wide best practice standards.

Genachowski said that ISPs should notify subscribers when their computers are infected with malware and potentially tied to a botnet to help prevent attacks on other sites. This has been a common technique used by the group Anonymous, which has successfully targeted both government-related and private industry networks and Web sites.

He also suggested that ISPs adopt secure routing standards to protect against Internet Protocol hijacking. Genachowski said that the cost of implementing such measures could be minimized by putting standards in place that could be updated with routine updates to routing infrastructure.

He also called on Internet service providers to implement a suite of security tools to protect the Internet's Domain Name System called DNSSEC.

Genachowski said that it's important for Internet service providers to be a part of the solution to help thwart these threats.

"The cyber threat is growing," he said. "If we fail to tackle these challenges, we will pay the price in the form of diminished safety, lost privacy, lost jobs and financial vulnerability--billions of dollars potentially lost to digital criminals."

Broadband provider Verizon Communications supports the chairman's suggestion.

"Protecting cyberspace requires participation from all parts of the Internet ecosystem," Kathleen Grillo, Verizon senior vice president of federal regulatory affairs, said in a statement. "We appreciate the chairman's cooperative approach and look forward to working with our partners in the industry and the government as we collaborate on ways that will ensure cybersecurity and protect critical networks."

Comcast also applauded the Genachowski's approach to solving this problem. Kyle McSlarrow, the head of Comcast's public policy operations, agreed that "industry-led solutions, rather than government mandates" is the best approach to address this problem.

"To be effective, everyone who is a part of the Internet ecosystem must play a meaningful role in ensuring that private and government networks, and personal computers and devices are secured," he said in a blog post following the Genachowski's speech. "Comcast will continue to develop innovative solutions and participate in multi-stakeholder organizations to assist in the development of real-world solutions, best practices, codes of conducts and guidelines."

Still, Genachowski emphasized that whatever measures are taken by service providers and the government to keep networks secure must also protect subscribers privacy.

"There are some who suggest that we should compromise privacy to enhance online securith," he said. "This too is a false choice. Privacy and security are complementary - both are essential to consumer confidence and adoption of broadband. We can and must improve online security while protecting individuals' privacy."