The Problem With Bots

John Dickson, CISSP, principal at Denim Group and a former U.S. Air Force officer who served in the Air Force Information Warfare Center, also expressed disappointment in the report, saying it was “completely devoid of specific policy ideas and recommendations.”

For instance, Dickson says he would have liked to have seen more specific recommendations for the telecommunications and Internet service providers (ISPs) who have a major role in mitigating DDoS attacks carried out by botnets.

The report touches on the role that ISPs play, and it limits its recommendations to increased information sharing between ISPs and their partners to “achieve more timely and effective sharing of actionable threat information both domestically and globally.”

This, Dickson says, is not enough. Instead, he would have preferred to see recommendations to block specific types of traffic or to monitor traffic to prevent botnet attacks.

“There is an incentive for telcos to do this—reducing spurious traffic on their networks,” according to Dickson. “But they’re likely to say there’s a cost associated with doing that, which will be passed on to users.”

Countries with more government control of ISPs have shown how this can work, Dickson says. For instance, countries like China and Saudi Arabia—which have greater government control of the Internet in general—have been more effective in preventing botnet attacks because they’re able to block them from getting in.

“We don’t have government control of our telcos anymore—it’s much more Wild Wild West with more players and a bigger network,” Dickson says of the U.S. system, making it more vulnerable to botnet attacks.

 

Categories: IoT Security

About Denim Group

Denim Group is the leading secure software development firm, serving as a trusted advisor to customers on matters of software risk and security. The company builds software for the most security conscious while helping organizations assess and mitigate risk within their existing software. Denim Group's flagship ThreadFix product accelerates the process of software vulnerability remediation, reflecting the company's rich understanding of what it takes to fix application vulnerabilities faster. Denim Group has emerged as a strong contributor to the larger application security community and has actively participated in the Open Web Application Security Project (OWASP) since shortly after its inception.

Among many other awards, Denim Group has landed on the "Inc. 5000" list - which recognizes the country's 5000 fastest-growing private companies - for five years in a row. In addition, the San Antonio Business Journal named Denim Group as one of the "Best Places to Work" in the city.

###

Denim Group is a registered service mark of Denim Group, Ltd.
Other names and brands may be claimed as the property of others.