Cyber Security Resources
What is Cyber Security
Cyber space and the Internet are a critical infrastructure for commerce and communications. Disruptions in the networks and lapses in security now place at risk lives, jobs, our economy and well-being. Cyber security is the approach taken towards securing the information that flows through broadband communications networks. This term encompasses everything from making sure that the information an individual user entrusts to email or to an online website remains private to preventing foreign governments from infiltrating our Nation’s most vital critical infrastructures. Accordingly, cyber security is important to every American who uses the internet in order to ensure that their communications remain protected.
There are criminals in nearly 200 countries lurking online – plotting large-scale attacks like the cone that crashed a CIA website in early February 2012, as well as smaller attacks aimed at stealing personal information from unsuspecting citizens’ home computers. This is a growing threat. In January 2012, the FBI Director Mueller warned that “Down the road, the cyber threat will be the number one threat to the country,” surpassing the dangers of terrorism. If we fail to tackle these challenges and secure the Internet, we will pay the price in the form of lost jobs, lost opportunities, and hundreds of billions of dollars lost to digital criminals
Cyber Security & The FCC
The FCC’s responsibility is to ensure the reliability and resiliency of the Nation’s communications network and to promote public safety through communications. The FCC, because of its relationship with the nation’s communications network service providers, is particularly well positioned to work with industry to secure the networks upon which the Internet depends.
Over the years, the FCC has worked through its Federal Advisory Committee, the Communications Security, Reliability, and Interoperability Council – CSRIC – to develop voluntary industry wide best practices that promote reliable networks, including for 911 calling. CSRIC and its working groups is made up of industry leaders, academics, and innovators in communications, Federal partners, public safety entities, state and local government officials, and Internet registries.
CSRIC will release a series of recommendations in March 2012 to address the most pressing threats to our cyber security, and suggest frameworks for possible solutions. We believe the most pressing cyber security threats are botnets, domain name fraud, and Internet route hijacking.
Cyber Security Facts
The Internet is a network of networks. Connectivity between these networks is based on an implicit trust that is the Internet’s biggest strength, but can also be a major weakness. The protocol that enables seamless connectivity – known as Border Gateway Protocol or BGP -- doesn’t have a built in mechanisms to protect against cyber attacks. This makes it possible for hackers or criminals to misdirect Internet traffic meant for one destination through the hands of another, perhaps untrustworthy, network. This intentional redirection is known as Internet route hijacking. During the time the traffic is diverted, the network through which it has been diverted can “eavesdrop” on the information passing through, stealing or changing the data before it arrives at its intended destination.
The Internet uses a Domain Name System – or DNS – which is essentially a digital phone book for the web. Servers are filled with identifying information for web sites, which is used to direct people where they want to go. The problem is the DNS has vulnerabilities that can allow the identifying information to be changed. Domain name fraud occurs when a computer users attempts to go to one website, but winds up being misdirected to a fraudulent website. Often the fraudulent websites are designed to look exactly like the legitimate website that the user intended to visit. Users have no idea that they are not working with legitimate websites, and unwittingly provide the operators of the fraudulent websites with financial and personal information.
Botnet is shorthand for “robot network.” Botnets are created by cyber hackers and criminals with the intent of causing harm through the distribution of computer viruses over the Internet. People can become infected by the virus by unsuspectingly opening an email or downloading a file, installing a piece of malicious software on your computer. This software allows the criminal to control your computer remotely. These infected computers are commonly known as bots or Zombie PC’s, and again, most people don’t even realize that their computer has become a bot.
Botnets, domain name fraud, and Internet route hijacking pose significant threats to our economy and our digital society. FCC staff estimate the costs of cyber crimes, exploiting these Internet vulnerabilities, exceed $1 trillion annually. No doubt, the stakes are high. But we have solutions. With government and the private sector working together, we are confident solutions will be identified and implemented to mitigate these cyber security threats to the benefit of our economy and the American people.
The vast majority of our broadband infrastructure is controlled by the private sector. The solution to this problem is not a top-down government response. Our approach gives providers wider latitude to address vulnerabilities within their systems than the one size fits all approach that is common with regulation, while providing guidance and accountability. Government and Industry must work together to find voluntary solutions to secure our networks, while preserving the internet as an open platform for innovation, commerce and social engagement.
The FCC is actively working with ISPs to address and minimize network vulnerabilities, and has tasked its federal advisory committee, the Communications Security, Reliability and Interoperability Council (CSRIC) to develop voluntary industry-wide best practices that promote cyber security on specific areas that fall within the FCC’s purview: Domain Name System (DNS), Border Gateway Protocol (BGP) and botnet remediation. These are crucial issues which must be addressed to secure the Internet infrastructure.
- Genachowski remarks at Cybersecurity Roundtable
- Cybersecurity Tip Sheet for Small Business
- FCC's Small Business Cyberplanner
- Cybersecurity for Small Business
- Cybersecurity Fact Sheet
- For more information on the work of the CSRIC
- For more information on the work of CSRIC to address the botnet threat
- For more information on the work of CSRIC to address domain name fraud
- For more information on the work of CSRIC to address Internet route hijacking