An FCC advisory committee unanimously adopted a series of policies on Thursday in an attempt to mitigate certain cyber threats, such as botnet attacks. The Communications, Security, Reliability, and Interoperability Council (CSRIC) — which is made up of more than 50 communications experts from ISPs, consumer organizations, and various levels of government — was tasked with developing a voluntary code of conduct for ISPs to help protect their customers from network-based security threats. The code sets out ways for ISPs to combat IP route hijacking and domain name fraud, but dealing with botnets will have the most significant impact on customers.
ISPs who volunteer to abide by the Anti-Bot Code will need undertake actions in five areas to satisfy their commitment, including educating customers about botnet risks, improving methods for detecting botnets on their networks, notifying customers when their computers have been infected, assisting customers in fixing infected machines, and sharing information regarding botnets with other ISPs who have adopted the code. The last point is especially interesting considering how competitive the market for providing internet access is.
AT&T, CenturyLink, Comcast, Cox, Sprint, Time Warner Cable, T-Mobile, and Verizon have already agreed to adopt the code, which means roughly 50 percent of the US's broadband subscribers will be covered by the new policies. However, Michael O'Reirdan, chair of the CSRIC, told Ars Technica that the policies are "codifying to some extent what [ISPs have] done already," meaning some of these procedures have already been in practice, but the FCC is now making them official. Aside from getting solutions from other ISPs, companies that opt to join will be listed as members of the Anti-Bot Code by the FCC, and will be able to promote themselves as complying with the policies. Regardless of whether service providers are doing this on their own or banding together, it's great to see organizations collaborating to help improve services for all customers.