The U.S. Departments of Commerce and Homeland Security on May 30 released guidance for public and private institutions aimed at reducing botnet and other distributed cybersecurity attacks.
The report, titled "Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats," outlines five goals and 20 suggested actions for institutions to consider in safeguarding against distributed cybersecurity threats.
The goals include identifying a clear pathway toward an adaptable, sustainable, and secure technology marketplace; promoting innovation in the infrastructure for dynamic adaptation to evolving threats; promoting innovation at the edge of the network to prevent, detect, and mitigate automated, distributed attacks; promoting and supporting coalitions between the security, infrastructure, and operational technology communities domestically and around the world; and increasing awareness and education across the ecosystem.
Additionally, the report encourages more coordination between the DoC, the DHS and industry stakeholders to implement the recommendations.
"Mitigating the threats from automated and distributed cyberattacks requires ongoing collaboration between public and private sectors," said Walter Copan, director of the National Institute of Standards and Technology.
The report is the culmination of a yearlong cybersecurity review process.
The recommendations come alongside another report released by the White House Office of Management and Budget earlier on May 30, showing that 71 of 96 federal agencies relied on cybersecurity programs deemed "at risk or high risk."
Two major areas of risk within the agencies were shortages of experienced cybersecurity personnel and the high costs associated with modernizing information technology capabilities, the OMB report said. Federal agencies possess neither robust risk management programs nor consistent methods for notifying leadership of cybersecurity risks across the agency, the report continued. It called for federal agencies to undertake quarterly cybersecurity risk reports, not unlike those required by the Securities and Exchange Commission for publicly traded companies.
