[フレーム]
You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected to https://csrc.nist.gov.

You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Publications

Other (Initial Public Draft)

A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats

Documentation Topics

Date Published: January 5, 2018
Comments Due: February 12, 2018 (public comment period is CLOSED)
Email Questions to: [email protected]

Author(s)

U.S. Department of Commerce, U.S. Department of Homeland Security

Announcement

This draft report to the President was developed by the Departments of Commerce and Homeland Security (the Departments) in response to Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order directed the Secretary of Commerce, together with the Secretary of Homeland Security, to "lead an open and transparent process to identify and promote action by appropriate stakeholders" with the goal of "dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets)."

This draft reflects inputs received by the Departments from a broad range of experts and stakeholders, including private industry, academia, and civil society. The draft report lays out five complementary and mutually supportive goals intended to dramatically reduce the threat of automated, distributed attacks and improve the resilience of the ecosystem. For each goal, the report suggests supporting activities to be taken by both government and private sector actors.

The Departments invite comments by February 12, 2018 from all stakeholders regarding the issues and goals raised by the draft Report, as well as the proposed approach, current initiatives, and next steps. In particular, the Departments seek to identify additional actions to incentivize providers or users to prioritize cybersecurity. Following the completion of the public comment period, NIST will host a workshop to discuss unresolved comments and the way forward for the Report. Comments received are a part of the public record and will generally be posted without change; personal identifying information (for example, name, address) voluntarily submitted by the commenter may be publicly accessible. Please do not submit confidential business information or otherwise sensitive or protected information. The final report will be submitted to the President on or before May 11, 2018.

Abstract

This draft report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order called for "resilience against botnets and other automated, distributed threats," directing the Secretary of Commerce, together with the Secretary of Homeland Security, to "lead an open and transparent process to identify and promote action by appropriate stakeholders" with the goal of "dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).

The Departments of Commerce and Homeland Security worked jointly on this effort. They determined that the opportunities and challenges in working toward dramatically reducing threats from automated, distributed attacks can be summarized in six principal themes:

  1. Automated, distributed attacks are a global problem.
  2. Effective tools exist, but are not widely used.
  3. Products should be secured during all stages of the lifecycle.
  4. Education and awareness is needed.
  5. Market incentives are misaligned.
  6. This is an ecosystem-wide challenge.

The Departments identified five complementary and mutually supportive goals that would dramatically reduce the threat of automated, distributed attacks and improve the resilience of the ecosystem. A list of suggested actions for key stakeholders reinforces each goal. The goals are:

  • Goal 1: Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace.
  • Goal 2: Promote innovation in the infrastructure for dynamic adaptation to evolving threats.
  • Goal 3: Promote innovation at the edge of the network to prevent, detect, and mitigate bad behavior.
  • Goal 4: Build coalitions between the security, infrastructure, and operational technology communities domestically and around the world.
  • Goal 5: Increase awareness and education across the ecosystem.
This draft report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order called for "resilience against botnets and other automated, distributed threats," directing the Secretary of Commerce, together with the... See full abstract

This draft report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order called for "resilience against botnets and other automated, distributed threats," directing the Secretary of Commerce, together with the Secretary of Homeland Security, to "lead an open and transparent process to identify and promote action by appropriate stakeholders" with the goal of "dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).

The Departments of Commerce and Homeland Security worked jointly on this effort. They determined that the opportunities and challenges in working toward dramatically reducing threats from automated, distributed attacks can be summarized in six principal themes:

  1. Automated, distributed attacks are a global problem.
  2. Effective tools exist, but are not widely used.
  3. Products should be secured during all stages of the lifecycle.
  4. Education and awareness is needed.
  5. Market incentives are misaligned.
  6. This is an ecosystem-wide challenge.

The Departments identified five complementary and mutually supportive goals that would dramatically reduce the threat of automated, distributed attacks and improve the resilience of the ecosystem. A list of suggested actions for key stakeholders reinforces each goal. The goals are:

  • Goal 1: Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace.
  • Goal 2: Promote innovation in the infrastructure for dynamic adaptation to evolving threats.
  • Goal 3: Promote innovation at the edge of the network to prevent, detect, and mitigate bad behavior.
  • Goal 4: Build coalitions between the security, infrastructure, and operational technology communities domestically and around the world.
  • Goal 5: Increase awareness and education across the ecosystem.

Hide full abstract

Keywords

distributed threats; resilience; botnets; threats and vulnerabilities
Control Families

Awareness and Training; Assessment, Authorization and Monitoring; Incident Response; System and Communications Protection; System and Information Integrity

Documentation

Publication:
Draft Report on Enhancing Resilience Against Botnets (pdf)

Supplemental Material:
NTIA Request for Comments
NIST News Release

Document History:
01/05/18: Other (Draft)
05/30/18: Other (Final)

AltStyle によって変換されたページ (->オリジナル) /