The final version of a report on botnet security, commissioned by a 2017 White House cybersecurity executive order, was recently published. What are the recommendations in this NIST report? What's missing in the report that enterprises should be aware of?
If there is one thing NIST is known for in the information security community, it is producing comprehensive security documents for government and industry use. While some have criticized NIST documents as paperwork exercises, unnecessarily complex or lacking in specific details, addressing all the concerns related to cybersecurity is a difficult challenge.
In May, NIST, a unit of the U.S. Department of Commerce, and the Department of Homeland Security (DHS) published a botnet security report named "A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats," a white paper produced in response to a May 2017 executive order.
The aim of the botnet security report is to fulfill the objective of the cybersecurity executive order, "dramatically reducing threats perpetrated by automated and distributed attacks."
The final version of the NIST report -- a draft was released in May 2018 -- outlined five goals, each with several supporting actions, with the objective of producing "a portfolio of mutually supportive actions that, if implemented, would dramatically improve the resilience of the ecosystem," according to the report. "The recommended actions include ongoing activities that should be continued or expanded, as well as new initiatives."
The five goals from the NIST report are:
- identify a clear pathway toward an adaptable, sustainable and secure technology marketplace;
- promote innovation in the infrastructure to dynamically adapt to evolving threats;
- promote innovation at the edge of the network to prevent, detect and mitigate automated, distributed attacks;
- promote and support coalitions between the security, infrastructure and operational technology communities domestically and around the world; and
- increase awareness and education across the ecosystem.
The action items listed under each of the goals include establishing baseline security profiles, encouraging and enhancing collaboration and information sharing, creating market incentives, ensuring non-deceptive marketing, and voluntary activities and awareness.
The summarized themes provide a good description of the current state of security. All of the goals and action items are good, but many of the challenges, including IoT security threats, ongoing distributed denial-of-service (DDoS) attacks and malicious botnets, require stronger actions.
Some of the recommendations for secure software development practices are vitally important. And while the botnet security report mentions that effective tools already exist for software developers, they are not yet widely adopted.
The botnet security report further mentions the use of ingress and egress filtering to combat DDoS attacks, in addition to many other good recommendations. Enterprises should also take note of the items the report recommends for government organizations, as they are critical to include in enterprise information security programs.