Now It's Industry's Turn to Come Up with Botnet Fighting Ideas

A Commerce Department cybersecurity center wants to work with industry to combat botnets powered by internet-connected smart devices.

The goal is to enter into cooperative research and development agreements with companies and other organizations that can offer products and technical expertise that will make connected devices more secure, according to the late December notice from the National Cybersecurity Center of Excellence, located inside Commerce’s National Institute of Standards and Technology.  

The agreement will essentially make it easier for government and industry to cooperate on developing anti-botnet tools and give companies a boost if government touts their tools to connected device manufacturers.  

Currently, many connected devices, collectively known as the internet of things, aren’t protected by passwords or contain default passwords. Many of the devices also can’t be easily patched when researchers discover hackable vulnerabilities in them.

The “hyper growth” of IoT devices, such as cameras, thermostats, refrigerators and car stereos, has created a swath of new privacy and security concerns, according to the notice.

Topping the list of security concerns is that those connected devices might be hacked and harnessed en masse for a major distributed denial-of-service attack aimed at knocking major websites and services offline.  

Those armies of compromised computers and other connected devices are known as botnets. A 2016 botnet attack that was powered partly by connected devices managed to briefly take down major websites including Netflix and The New York Times.

There could be more than 20 billion connected devices by 2020, according to the consulting firm Gartner, a figure the center of excellence cites as part of its broader IoT botnet project.

The center of excellence project is part of an anti-botnet effort led by the Commerce and Homeland Security departments and that President Donald Trump called for in a May executive order on cybersecurity.