Oct. 4 (Bloomberg) -- A proposed industry standard for Internet-service providers including AT&T Inc. and Comcast Corp. to combat computer viruses known as botnets may overlap with existing efforts and burden small providers.
The Homeland Security and Commerce departments are seeking comments through Nov. 4 on the creation of a voluntary program that would “reduce the harm that botnets inflict” on U.S. networks. Such viruses harness groups of infected computers to flood corporate and government networks with unwanted traffic that can take down systems.
The agencies suggested that Internet-service providers monitor customers’ computers to detect botnets and then notify subscribers of infections, according to a Sept. 21 Federal Register notice. ISPs, which have contact information and a “pre-existing relationship” with users, can inform customers how they can remove the virus, according to the notice.
Small providers may not have the resources or staffing to support the requirements of such a voluntary code of conduct, Kate Dean, executive director of the Washington-based U.S. Internet Services Provider Association, said in an interview.
“The question we have to ask is how voluntary is voluntary,” said Dean, whose group’s members include AT&T and Comcast.
“It’s very important to acknowledge that ISPs are already at the forefront of cybersecurity,” she said. The providers compete in a marketplace where consumers are demanding help from their providers on computer security.
The U.S. needs to improve its ability to prevent and contain botnet infections, which can affect “other computers and systems,” Howard Schmidt, White House cybersecurity coordinator, said during a conference in Washington today.
Symantec Corp., a computer security company based in Mountain View, California, estimates there are about 3.5 million to 5.4 million botnets worldwide.
Internet-service providers have a “direct connection to users” that helps them identify infected machines, making the companies “uniquely positioned” to stem botnet infections, according to a Bloomberg Government briefing published in February.
Any industry standards backed by the U.S. must be flexible enough to ensure that ongoing private-sector efforts are not hampered, Cameron Kerry, general counsel for the Commerce Department, said during the conference.
“Pure government planning in this space is a prescription for failure,” Kerry said, pointing to efforts by Comcast to notify customers with infected computers.
Comcast spokeswoman Sena Fitzmaurice declined to comment on the government’s proposal because the company is still reviewing it. Fitzmaurice said Comcast is already taking steps to alert subscribers about botnets and provides resources to help remove the viruses from computers.
Michael Balmoris, a Washington-based spokesman for AT&T, did not immediately respond to a request for comment.
Comcast and CenturyLink Inc. are “doing good things” to assist customers in combating botnets, Ari Schwartz, senior Internet policy adviser for the Commerce Department’s National Institute of Standards and Technology, said during the conference.
The government’s proposal envisions using incentives for companies to further develop their security efforts. One such incentive would allow “companies to sell security products to” customers whose computers have been infected, Schwartz said.
--Editors: Michael Shepard, Allan Holmes
To contact the reporter on this story: Juliann Francis in Washington at firstname.lastname@example.org