Mobilize ICT Against Major Botnet Attacks and Other Distributed Attacks
The evolving landscape of cyber threats, in particular botnets and other distributed attacks, poses global and ecosystem-wide economic security challenges, and in some instances may constitute a significant danger to human health and safety.
In the most severe scenarios, these challenges will exceed the individual response capabilities of any single company or industry, necessitating efficient coordination among ICT enablers and other relevant stakeholders to respond to high-level threats. CSDE’s members have demonstrated exemplary leadership in the struggle against botnets and other distributed attacks by developing and improving methodologies to share threat information with relevant actors. Public and private sector partners have welcomed such advances, which form the basis of important working relationships throughout the world premised on shared security goals.
However, there is not yet a globally accepted operational framework to support rapid mobilization of the critical private sector assets that may need to be leveraged to respond and/or recover effectively in the event of a major cyber emergency. Such emergencies may include threats to critical infrastructure, widespread internet and communications ecosystem disruption, or some other mitigatable crisis that rises to the level of national or international significance.
CSDE will create an operational framework for mobilization of the ICT sector designed to mitigate a major botnet/distributed attack. CSDE will identify scenarios and thresholds where the event is sufficiently widespread to trigger ICT enabler coordination and will undertake activities to improve response capabilities.
Action 1. Conduct pre-planning activities to identify trigger thresholds, which determine whether a botnet scenario is sufficiently serious to justify ICT enabler activation, and identify the relevant enablers.
Action 2. Develop pre-scripted mitigation strategies, with playbooks for different scenarios to guide industry action.
Action 3. Test and implement pre-scripted mitigation strategies and playbooks, including coordination with relevant government entities/officials.
In the event of a catastrophic cyber incident, a unified operational framework for mobilization of the ICT sector is essential to coordinate flexible response mechanisms and to distribute responsibilities among stakeholders, with clearly defined leadership roles.
The goal is to convene the appropriate set of stakeholders who are best positioned to take the immediate steps necessary to mitigate severe harms caused by distributed attacks.
This framework would streamline industry and government actions in the event of major cyber emergencies, so that precious time is not lost on non-essential, low-priority activities.