Australian ISPs on the right track

Posted by Maxim Weinstein Thu, 17 Jun 2010 14:17:44 GMT

In early June, the Australian Internet Industry Association, an ISP industry trade group, published icode [PDF], a voluntary code of conduct for ISPs to follow to better fight bots on their networks. Like the previously-mentioned IETF draft, this document lays out a rationale for, and recommendations on how to implement, an ISP-level response to bots. Unlike the IETF draft, icode is a reflection of a coordinated effort by a large number of ISPs to buy in to a common framework for how to respond.

The icode framework has four parts:

  1. Education. ISPs that adopt icode are expected to educate their customers about keeping their computers from becoming compromised.
  2. Detection. ISPs can implement their own detection methods and/or get data from trusted third parties. Even better, they can get data from the Australian Internet Security Initiative, a government-led effort to centralize bot reporting by collecting bot reports from trusted providers and then distributing ISP-specific data daily to participating ISPs. (Wouldn’t it be great if we had something like this for infected URLs and hosting companies?)
  3. Action. ISPs are encouraged to act on the information about bots, through whatever combination of customer notification, password resets, bandwidth throttling, walled garden quarantining, SMTP blocking, or other measures they consider appropriate.
  4. Reporting. ISPs are expected to report “significant cyber security incidents” to governments.

icode also recommends, though doesn’t require, that participating ISPs share threat data with each other, facilitated by the Australian CERT.

One could quibble over some of the details, but it’s clear that the Australian ISPs that created and will be adopting icode are light years ahead of most ISPs (and web hosting providers) globally in tackling the spread of malware.
