The Departments of Homeland Security and Commerce released an update to their ongoing work to address botnets, automated and distributed attacks on the internet, which threaten the nation’s internet infrastructure.
The president issued Executive Order (EO) 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” in May of 2017. The EO called for “resilience against botnets and other automated, distributed threats” and directed the Secretaries of Commerce and Homeland Security to lead a process in line with this effort.
“This progress update demonstrates a robust effort across the entire ecosystem, and we expect this work to continue,” said the status update, dated July 28, 2020.
One of the “highlights” of the effort, according to the update, is the National Institute of Standards and Technology guidance for Internet of Things (IoT) device manufacturers, published in May, which define baseline cybersecurity capabilities that manufacturers can voluntarily adopt for IoT devices.
“Botnets remain a significant threat,” the status update said. “Current malicious applications of botnets remain relevant, and attackers continue to devise novel nefarious applications.” One such application of a botnet came in 2016 when a series of distributed denial of service (DDoS) attacks utilized botnets to overwhelm the website of the Australian census, causing it to be temporarily shut down, according to the country’s government.
“The problem of automated, distributed attacks requires action, coordination, and the harnessing of innovation across government and the private sector (including industry, academia, and civil society),” the status update said. “The U.S. Government, nor any other single entity, can attack the botnet problem alone.”