Advisory Group Prepping ‘Moonshot’ Plan to Fight Botnets

An advisory group is preparing two separate reports on what the government can do to protect against armies of compromised zombie computers that carry out cyber mischief, known as botnets, a representative said Friday.

The first report will focus on how existing technologies can be expanded or improved to prevent personal computers and other technology from being conscripted into botnet armies, said Raymond Dolan, who chairs the Internet and Communications Resilience Subcommittee of the Homeland Security Department’s National Security Telecommunications Advisory Committee.

That report, which is due to top Commerce Department and DHS officials in October, will also focus on combating the cyber mischief caused by botnets, said Dolan who’s also CEO of Sonus Networks, a cloud communications company.

Botnets are frequently used to launch distributed denial-of-service attacks that pummel websites with requests in an effort to force them offline. The Mirai botnet, for example, which is powered largely by connected devices such as webcams and baby monitors, was able to briefly take down prominent websites including Netflix earlier this year.

The second report, which does not have a firm due date, will focus on longer-range “moonshot” plans to substantially reduce the formation of botnets or their power, Dolan told NSTAC members during a conference call.

Combating botnets was a major focus of a cybersecurity executive order President Donald Trump issued in May.

Dolan’s subcommittee has invited roughly 20 subject matter experts to brief members on botnet challenges and hopes to have an initial draft of the first report completed by the end of August, he said.

NSTAC members also authorized Friday a report to Trump on challenges emerging technologies pose to government security. The report covers quantum computing, artificial intelligence, virtualization and increasingly complex data storage systems that can result in data being stored in numerous far-flung places at the same time, among other topics.

The report makes numerous recommendations including modernizing government’s digital architecture so agencies can better rely on centralized cybersecurity protections from DHS and other agencies, and maintaining government involvement in international digital standards setting bodies.

An earlier version of the report was delivered to President Barack Obama during the final months of his administration and briefed to the incoming Trump administration. That draft report focused mainly on challenges facing government today, said NSTAC Vice Chair Scott Charney, corporate vice president for Microsoft’s Trustworthy Computing Group.

The updated report focuses on longer-range plans, he said.