FCC chief calls for industry to boost cybersecurity

By Brendan Sasso - 02/22/12 02:27 PM ET

In a speech on Wednesday, Federal Communications Commission (FCC) Chairman Julius Genachowski called for technology companies to adopt new standards to protect consumers from hackers and spammers.

His proposals focused on voluntary commitments from the private sector rather than government mandates. He emphasized that any cybersecurity measures must protect privacy and the "openness of the Internet."

One cybersecurity threat he focused on is the use of "botnets," networks of computers that hackers take over and can use to spam consumers or take down websites. Hacker group Anonymous has used botnets to crash the sites of the Justice Department, the CIA and others.

Genachowski urged Internet service providers to educate their consumers about botnets and help them detect when their computer has been infected.

He warned that another major threat is Internet route hijacking. Using this technique, hackers can misdirect traffic and access personal data. In 2010, one attack misdirected 15 percent of the world's Internet traffic through servers in China for 18 minutes.

Genachowski urged Internet providers to tackle Internet route hijacking by developing new secure routing standards.

"Costs of implementation can be minimized by putting in place the new technical standards during routine hardware and software upgrades," Genachowski said. "The benefits of ISPs taking these steps to eliminate accidentally misrouted traffic would be enormous."

The third cybersecurity threat that Genachowsi addressed was domain name fraud. Some hackers redirect users from a legitimate website, like a bank's, to a fraudulent site designed to impersonate the real site. The users are then tricked into divulging personal and financial information to the hackers.

Many government agencies now use a security extension called DNSSEC to protect users from being redirected to fraudulent sites. Genachowski urged the private sector to adopt the same system.

"I urge all broadband providers to begin implementing DNSSEC as soon as possible," Genachowski said.

Genachowski's proposals differ from a cybersecurity bill currently pending in the Senate. That measure would empower the government to set mandatory standards for computer systems vital to the nation's security.

He didn't endorse or criticize the bill, but did briefly mention that "just last week bipartisan legislation was introduced in the Senate."