Internet-service providers led by AT&T Inc. and Comcast Corp. are being urged by U.S. regulators to help users fend off malicious software that can turn home computers into stealthy weapons for criminal enterprises.
“Cyber attacks pose a very real threat” and companies are acting to fight them, Julius Genachowski, chairman of the Federal Communications Commission, said as he endorsed recommendations in a voluntary code of conduct formed by an advisory committee to the agency.
Companies need to detect the malicious software, known as botnets, and help educate and notify consumers, according to a conduct code adopted today by the advisory group called the Communications Security, Reliability and Interoperability Council. Participants include largest U.S. telephone company AT&T and No. 2 Verizon Communications Inc., leading cable provider Comcast, and Walt Disney Co.’s ABC television network.
The council urged that companies adopt practices to thwart the hijacking of Internet traffic to unintended destinations, and to prevent posting of fake Web pages that lure consumers to counterfeit sites that seem authentic, the council said.
“AT&T is already fulfilling the recommendations in the reports,” Bob Quinn, senior vice president of federal regulatory and chief privacy officer, said in a blog posting. Security solutions require participation from companies “across the entire Internet ecosystem” including software vendors, operating system developers and providers of content, Quinn said.
Today’s recommendations “represent best practices that recognize the importance of companies having the freedom and flexibility to respond decisively” against atttacks, Stuart Elby, Verizon vice president of corporate technology, said in an e-mailed statement.
Comcast Chief Network Officer John Schanz said in an e-mailed statement that one of the best aspects of today’s recommendations is “emphasis on timely, industry-led, consensus-based solutions, rather than government mandates.”
The push for comprehensive cybersecurity legislation has intensified following attacks last year on companies including New York-based Citigroup Inc., the third-largest U.S. bank by assets, and Bethesda, Maryland-based Lockheed Martin Corp., the world’s largest defense company.
Internet-service providers including AT&T and Comcast opposed new regulations protecting computer networks from hacker attacks at a House hearing this month. The companies said they prefer voluntary sharing of information about cyber threats.
The Obama administration is backing a Senate bill introduced Feb. 14 by Senator Joe Lieberman, a Connecticut Independent, that directs the U.S. Department of Homeland Security to set rules for companies deemed critical to U.S. economic and national security to improve their computer defenses.
A competing bill from eight Republicans including Senators John McCain of Arizona and Kay Bailey Hutchison of Texas would avoid new regulations while promoting information-sharing through incentives such as protection from lawsuits.
Cable and telephone companies, which operate networks that form the backbone of the Internet, would need to boost average annual spending on security almost six-fold to raise their attack-prevention rate to an ideal level of 95 percent from the current 76 percent, according to a Bloomberg Government study.
The figures mean increasing average annual security expenditures per company to $398 million from the current $67 million, according to the study. The Bloomberg study was based on a survey of technology managers at seven telecommunications companies conducted by the Ponemon Institute LLC, a Traverse City, Michigan-based research firm.
The Senate bill is S. 2105. The Lieberman bill is S. 2105 and the McCain bill is S. 2151.