Working Group 7: Botnet Remediation Status Update

1. Working Group 7: Botnet RemediationStatus Update June 6, 2012 Michael O’Reirdan (MAAWG) - Chair Peter Fonash (DHS) – Vice-Chair

2. WG 7 Objectives Working Group 7 – Botnet Remediation  Description: This Working Group will review the efforts undertaken within the international community, such as the Australian Internet Industry Code of Practice, and among domestic stakeholder groups, such as IETF and the Messaging Anti-Abuse Working Group, for applicability to U.S. ISPs.  Building on the work of CSRIC II Working Group 8 ISP Network Protection Practices, the Botnet Remediation Working Group shall propose a set of agreed-upon voluntary practices that would constitute the framework for an opt-in implementation model for ISPs. The Working Group will propose a method for ISPs to express their intent to op-into the framework proposed by the Working Group. The Working Group will also identify potential ISP implementation obstacles to the newly drafted Botnet Remediation business practices and identify steps the FCC can take that may help overcome these obstacles. Finally, the Working Group shall identify performance metrics to evaluate the effectiveness of the ISP Botnet Remediation Business Practices at curbing the spread of botnet infections.

3. WG 7 Members 3

4. Work Plan Phase 1: Based on CSRIC II output, MAAWG recommendations and IETF draft, produce initial Code of Conduct Phase 2: Identify Barriers to Code Participation Phase 3: Develop Bot Metrics

5. Status Phase 1: U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs) completed • ISPs representing 86% of the U.S. residential subscriber market are either currently participating, or have agreed to participate, in the Code • Efforts underway to outreach to the smaller ISPs to increase awareness and participation

6. Identification of Code Barriers • Work in progress to: • identify potential ISP implementation obstacles to the voluntary U.S. Code of Conduct for ISPs, • identify steps the FCC can take that may help overcome these obstacles, and • develop a framework to assist smaller ISPs identify and overcome potential barriers to Code participation

7. Code Metrics • Work in progress to: • identify performance metrics to evaluate the effectiveness of following the voluntary U.S. Anti-Bot Code of Conduct for ISPs at curbing the spread of botnet infections 7

8. Challenges Metrics work is proving extremely challenging Australian iCode is only now starting work on developing metrics after two years of operation Likely outcome is a work plan for developing metrics

9. Multi-Stakeholder Approach to Cybersecurity OS Vendors App Dev. AV Vendors Int’l Partners Web Hosts Content Providers Research Inst. ISPs Platform Vendors Gov’t D/As Privacy Advocates Enterprises End Users Critical Infra. e-Commerce Orgs. Regulators • ISPs are in a position to detect botnets operating within their networks and notify end-users of suspected bot infections • Other members of the Internet ecosystem have equally important roles to fulfill • A multi-stakeholder approach is necessary in order to fully combat the botnet threat 9

10. Next Steps Determine long-term administration of Code participation Continue Phase 2 - Identification of Barriers to Code Participation Continue Phase 3 – Effectiveness Metrics Deliver final report on Anti-Bot Code of Conduct - Barriers and Metrics – in December 2012