The Tech Herald

Microsoft proposes a cyber CDC to address Web threats

by Steve Ragan - Oct 5 2010, 12:17

Scott Charney, vice president of Trustworthy Computing at Microsoft, has called for governments and industry players to collectively improve and maintain the health of consumer devices connected to the Web. They can do this, according to Charney, by mimicking the WHO and CDC.

Charney first proposed the creation of a health model for Internet security in a keynote address at the Information Security Solutions Europe conference in Berlin. Charney's model calls for both governments and those within the industry to mirror the response taken by the WHO and CDC during human viral outbreaks, applying their resources to deal with botnets and other viral issues.

“Just as when an individual who is not vaccinated puts others’ health at risk, computers that are not protected or have been compromised with a bot put others at risk and pose a greater threat to society,” Charney explained.

“In the physical world, international, national, and local health organizations identify, track and control the spread of disease which can include, where necessary, quarantining people to avoid the infection of others,” he added. “Simply put, we need to improve and maintain the health of consumer devices connected to the Internet in order to avoid greater societal risk.”

Charney's plan centers on the mitigation steps taken if a device is known to be a risk to the Internet as a whole. If this happens, it will be cleaned of infection and the owner notified. All of this would need to take place before the system is once again allowed unrestricted access to the Web. By employing this process, the infected device will be prevented from spreading its 'sickness' to other online systems.

Imagine it, if you will, almost like a global NAC... but with a focus on botnets and viral malware, such as the outbreaks of old like Slammer, Blaster, and Nimda.

Something similar is already underway. Just last week, Comcast customers were offered a free service designed to alert them if their system is suspected of being part of a botnet. If a Comcast customer's system shows signs that it's part of a botnet, due to communications with a known C&C server, then they will get an email and eventually a browser alert.

Comcast started trials of this service last year, and has partnered with Damballa to monitor network traffic. When it started the trial, Comcast moved quickly to address privacy issues. This is why it does not monitor anything other than network communications to the C&C servers used by the various botnets.

By the same token, while a public health model for Web security would empower consumers and help improve overall safety online, Charney made it clear during his address that privacy issues need to get equal billing if the proposal is to be a success.

In his accompanying whitepaper, Charney remarked that privacy concerns must be carefully considered in any effort to promote Internet security by focusing on device health.

“In that regard,” he explained, “examining health is not the same as examining content; communicating health is not the same as communicating identity; and consumers can be protected in privacy-centric ways that do not adversely impact freedom of expression and freedom of association.”

Admittedly, the public health model isn’t perfect, but it doesn’t have to be, Charney said. Where the Internet and medical versions differ, there could also be valuable insight.

The medical model is expansive, whereas an IT model would consume a smaller footprint, thus letting security professionals spot trends faster. Likewise, where human viral infections can spread at a slower pace than their computer variants, automated vaccination via a computer is much quicker.

In the end, Charney’s idea has solid merit. The questions are: will it go anywhere, who would support it, and what political challenges would it face?

“We cannot expect consumers to become security experts, but if we think about how the public health model helps consumers to understand when they are ill and when they should get treated, we can come up with relevant concepts that are applicable to Internet security,” he said.

What do you think?

The whitepaper itself, which explains the concept in full, along with the technologies that can be used to drive it, is here.
