The U.S. government has launched a coordinated effort with several trade groups and private companies to combat botnets and educate affected computer users, the White House announced Wednesday.
The new effort to fight the large networks of compromised computers will involve a range of activities, including plans to share information about botnets among government and private organizations and a nationwide consumer education campaign, members of President Barack Obama’s administration announced.
Improved cooperation is needed to combat botnets, groups of infected computers that can be controlled by third parties, officials said. Botnets are often used to spread malware and to launch large-scale attacks on websites and Internet-connected devices.
“This is much larger than any one company, any specific country, any specific government or any individual,” White House Cybersecurity Coordinator Howard Schmidt said during a launch event at the White House. The U.S. government is teaming up with Internet service providers, privacy groups, search engines, trade associations, Internet companies and education groups to “tackle this on all fronts,” he said.
Botnets are especially dangerous because they use “our own computers against us,” Schmidt added.
About 5 million computer systems were infected with botnet malware in the first quarter of 2012, said Michael DeCesare, co-president at security vendor McAfee. About one in 10 U.S. computers is infected with botnet malware, officials said.
Combating the problem will require organizations across the Internet to work more closely together, DeCesare said.
“We need to make sure these machines do not get infected in the first place,” he said.”We need to do this by delivering security at a faster pace than our adversaries can deliver malware.”
Among the initiatives announced Wednesday is a set of voluntary principles aimed at reducing the impact of botnets. The principles, from the 8-month-old Industry Botnet Group, call on companies to work together to prevent and detect botnets and to notify users when they are infected.
The principles also call on companies to share information about their lessons learned while fighting botnets, to educate users about botnets and to protect user privacy.
“Every participant has a role in helping to reduce the impact,” said Liesyl Franz, vice president for cybersecurity policy at TechAmerica, a member of the botnet group. “That is why we came together, to work together.”
Eleven groups are members of the Industry Botnet Group, including the Business Software Alliance, StaySafeOnline.org and the Software and Information Industry Association.
In addition, several members of the Industry Botnet Group announced they are launching a consumer education campaign, Keeping a Clean Machine, supported by the U.S. Department of Homeland Security, the U.S. Federal Trade Commission and the National Cybersecurity Alliance.
Also, the U.S. Financial Services Information Sharing and Analysis Center announced Wednesday that it has begun working on a pilot program to share information about botnets. Organizers hope the effort will lead to new standards for sharing information about botnets, the White House said.
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant’s e-mail address is grant_gross@idg.com.