Massive bot nets, computer viruses and keylogging Trojans: It's obvious that computers on the Internet have a bad case of digital hygiene, but one researcher believes that the government needs to step in to assure the Internet stays healthy.
Spam and phishing researcher Joe St. Sauver argued during a panel discussion at the Anti-Phishing Working Group (APWG) Counter E-Crime Summit in San Francisco last month that most consumers are not up to the task of securing their own systems. With Internet service providers refusing to block infected systems because of the support costs and potential liability such an action would entail, and software makers unable to rout out all the bugs in their applications, the government may be the Internet's best bet, St. Sauver states in slides (PDF) for the presentation.
"It shouldnt be the governments responsibility to deal with millions of compromised customer hosts, but if they dont, no one may end up doing so," stated St. Sauver, the manager for Internet2 Security Programs at the University of Oregon Computing Center. "The government has a compelling national interest in the protection of its citizens and businesses online, and in the protection of their networks and systems."
Increasingly, users' systems are being used for nefarious purposes. Attackers from other nations, especially China, appear to be involved in compromising U.S. computers, with infected systems becoming weapons in the hands of bot masters. Throughout early May, such systems were used to hobble a large number of government Web sites in Estonia. And this week, the FBI announced that it had arrested three people on charges of using bot nets consisting of nearly a million PCs to send spam and attack online businesses.
Like the Centers for Disease Control and Prevention (CDC), which prepared for and manages real-world health emergencies, St. Sauver's proposed agency would handle digital outbreaks and attempt to improve the overall health of the Internet.
A nod to the SANS ISC's blog.
Posted by: Robert Lemos