By Brendan Sasso - 05/30/12 03:50 PM EDT
The Obama administration on Wednesday announced a series of steps aimed at combating botnets — networks of computers that hackers take over and use to spread spam or attack websites.
Botnets have become a favorite weapon of hacker groups such as Anonymous that use them to overwhelm the servers of government and industry websites.
After discussions with government agencies, an industry working group outlined a set of voluntary principles for companies to reduce the impact of botnets, while a financial industry group announced a pilot project for sharing information about the attacks.
According to computer security firm McAfee, nearly 5 million computers around the world have been taken over in botnet attacks.
Government officials noted that the FBI and the Secret Service have stepped up their efforts to shut down massive botnets, including one called "Coreflood" that infected millions of computers and led to the theft of millions of dollars.
“Botnets continue to increase the price of doing business online and place our companies at a competitive disadvantage, while threatening our individual privacy,” said Patrick Gallagher, the under secretary for standards and technology at the Commerce Department. “Today’s efforts are only the beginning of the actions we can take, but working together through this public-private partnership we can start to combat these challenges.”
At a White House event announcing the steps, Homeland Security Department Secretary Janet Napolitano said that cybercrime ranks just behind al Qaeda as the greatest national security threat to the United States.
Although she applauded the government-industry partnerships, she said that legislation is still needed to combat hackers.
"We cannot overstate the urgency of this situation," she said.
The administration has endorsed legislation from Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) that would encourage companies to share information about cyber threats and would give the Homeland Security Department the power to require critical infrastructure to meet minimum cybersecurity standards.
Supporters of the legislation say mandatory standards are necessary to secure vital systems, but many Republicans and industry groups say they would unnecessarily burden businesses.
Michael DeCesare, CEO of McAfee, also spoke at the White House event and said the federal government needs new authorities to share information. But he warned that with "overregulation, we run the risk of creating a compliance cyber ecosystem, not necessarily a more secure one."