The latest resilience news from around the world

NIST issues draft report on Internet and communications ecosystem resilience

NIST has published a draft report, written by the US Departments of Commerce and Homeland Security, which looks at ‘Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats’.

The draft report establishes goals and proposes actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, ‘Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure’.

Comments on the draft report are requested, with a deadline of February 12th 2018. NIST has also announced a public workshop on February 28th and March 1st for further discussion of the comments.

Abstract

The abstract for the report reads as follows (verbatim):

This draft report responds to the May 11, 2017, Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. That order called for “resilience against botnets and other automated, distributed threats,” directing the Secretary of Commerce, together with the Secretary of Homeland Security, to “lead an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets). The Departments of Commerce and Homeland Security worked jointly on this effort. They determined that the opportunities and challenges in working toward dramatically reducing threats from automated, distributed attacks can be summarized in six principal themes:

  • Automated, distributed attacks are a global problem.
  • Effective tools exist, but are not widely used.
  • Products should be secured during all stages of the lifecycle.
  • Education and awareness is needed.
  • Market incentives are misaligned.
  • This is an ecosystem-wide challenge.

The Departments identified five complementary and mutually supportive goals that would dramatically reduce the threat of automated, distributed attacks and improve the resilience of the ecosystem. A list of suggested actions for key stakeholders reinforces each goal.  The goals are:

Goal 1: Identify a clear pathway toward an adaptable, sustainable, and secure technology marketplace.
Goal 2: Promote innovation in the infrastructure for dynamic adaptation to evolving threats.
Goal 3: Promote innovation at the edge of the network to prevent, detect, and mitigate bad behavior.
Goal 4: Build coalitions between the security, infrastructure, and operational technology communities domestically and around the world.
Goal 5: Increase awareness and education across the ecosystem.

The report is available here.


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

   

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.