Krebs: FCC must make ISPs crack down on spammers and malware

The FCC is looking for industry guidance on its cybersecurity roadmap. Brian Krebs says measuring security efforts by US-based ISPs and hosting companies is a critical first step.

By Brian Krebs

September 01, 2010CSO

The Federal Communications Commission (FCC) is asking for help in developing a "Cybersecurity Roadmap," an ambitious plan to identify dangerous vulnerabilities in the Internet infrastructure, as well as threats to consumers, businesses and governments.

The one piece of advice I will offer the commission is to begin measuring the responsiveness of Internet service providers (ISPs) and hosting companies in quashing malicious threats that take up residence on their networks. This is an imperative first step to prevent attacks on the Internet infrastructure, in addition to making the Internet a friendlier place for users.

Also see Krebs' Botnets: The Democratization of Espionage


The FCC said that it is seeking comments on how to proceed with the roadmap, which is part of the commission's National Broadband Plan to roll high-speed Internet services to more Americans.

The commission made the request at almost the same time as the Pew Research Center's Internet & American Life Project issued its finding that more than half of Americans disagree with federal efforts to expand broadband deployment, an effort for which the Obama administration has allocated more than $7 billion. The Pew report came as the FCC was releasing data showing that most Americans who are paying for high-speed access aren't getting anywhere near the Internet speeds they've been promised.

Here's my proposal: Instead of spending billions to squeeze even more people onto already overloaded high-speed lines, the commission should spend its resources trying to improve the security, privacy and satisfaction of people already using these networks.

The FCC now collects reams of data every month about how well the major phone companies serve their customers, measuring the quality of the services they provide by keeping track of and publishing a myriad of data points, such as the frequency of dropped calls and customer complaints. Yet, the commission largely has no reliable data with which to measure whether ISPs (many of them phone companies as well) are taking any concrete steps to make their high-speed pipes less hospitable to online threats.

For tens of millions of consumers, one of the greatest hidden "costs" of being online is dealing with seemingly incessant attacks from scammers, spammers and malicious software. Spam costs U.S. businesses and consumers more than $42 billion annually, according to 2009 estimates by Ferris Research, and Symantec now tells us that spam accounts for roughly 90 percent of all e-mail.

We hear a great deal about the cyber threat from nations such as China and Russia, but the truth is that the United States is the world's largest exporter of cybercriminal-friendly resources. Computer security firm Sophos notes that the United States continues to be the largest single source of spam, spewing more than 13 percent of junk e-mail worldwide.

RESOURCE CENTER