26 May 2012

"Internet Service Providers are the Front Line of Cyber-defence"

Magazine or Newspaper Article, Europe'sWorld, pages 49-50
Spring 2012
Author: Melissa Hathaway, Senior Advisor, Explorations in Cyber International Relations

NOTE

Melissa E. Hathaway is former acting senior director of cyber-space, U.S. National Security Council. She is one of the contributors to Europe'sWorld's Spring 2012 Special Section: Cyber-Security.

Thieves, voyeurs, spies and other nations regularly invade the electronic borders which surround our homes, businesses and government institutions. But because the job of safeguarding these borders falls between the twin public duties of securing economic progress and protecting national security, governments around the world can't decide which ministry to put in charge of internet security. What they ought to recognise, however, is that Internet Service Providers (ISPs) — and more broadly the whole communications sector — are the front line of cyber-defence, and should therefore shoulder more of the responsibility this entails.
Major telecommunications providers and ISPs have unparalleled visibility into global networks. This enables them to detect cyber-intrusions as they form and head towards their targets. ISPs already adhere to common protocols and enable seamless, global connectivity, and collaborate to ensure uninterrupted service. They also limit the amount of spam reaching customers' in-boxes, notify users of botnet infections and partner with law enforcement agencies to block child pornography.
Why, then, don't governments expect ISPs to reduce the proliferation of malware and help eradicate infections on critical infrastructures?
What is needed is a holistic approach by governments around the world, with policies, laws and regulatory frameworks that support the communications sector and ISPs as they provide security to ensure the internet remains a public good.
Agreed international codes of conduct could, for example, require ISPs to inform customers whenever their computers become infected, assist in the eradication of infections or identify perpetrators. ISPs could also be required to report statistics to governments, educate their customers about cyber-threats and warn them about risks to internet transactions. In short, a collective global agreement could help make sure ISPs provide a reliable conduit of service, through which transactions can be maintained with integrity, confidentiality and privacy.
In this, cyber-space is just like any other essential sector where government regulation helps to maintain safety standards. In the food and water industries, for example, government inspectors help businesses keep bacteria and toxins within acceptable limits. In transport, parcel delivery companies and airlines have to check the goods they handle to prevent the transit of hazardous materials. There are plenty of other examples where governments regulate for the benefit of society at large. Cyber-security is no different.