Cybersecurity Awareness Week – here comes ICODE

The Aussie government’s Cybersecurity Awareness Week (C-SAW) was launched in Melbourne today. Attorney-General Robert McClelland’s opening speech declares that “the Government’s cyber safety policy focuses on protecting individuals, especially children, online from exposure to such things as illegal and offensive content and cyber-bullying. It promotes a number of safe online habits, such as using strong passwords [and] keeping software up-to-date.”

(It seems that no-one had passed on the password advice to the AG’s colleague, Stephen Conroy, Minister of Broadband, Communications and the Digital Economy. He admitted that “my three-and-a-half year old daughter got my iPhone last night and has disabled it, and I haven’t worked out how to get it to work yet.” Seems he didn’t have any password at all on the phone, nor did he supervise his daughter’s use of it. I guess even the Minister has a fair bit to learn about cybersecurity.)

During C-SAW, the Internet Industry Association of Australia is going to be lauching its new voluntary security code of practice for ISPs. This initiative, dubbed ICODE, aims to build a framework which will encourage ISPs to be active in getting rid of bots or zombies on their networks. The code is proposed to take effect on 01 December 2010.

The sorts of response envisaged by ISPs against zombified customers include the following:

• contacting the customer directly (by phone, email or SMS or other means);
• regenerating the customer’s account password to prompt customers to call the helpdesk so they can be directed to resources to assist;
• applying an abuse plan where the customer’s Internet service is speed throttled;
• temporarily quarantining the customer’s service, for example by holding them within a walled garden with links to relevant resources that will assist them until they are able to restore the security of their machine.

Some of these interventions are, by design, annoying and disruptive to the infected user. But since zombified users are, in turn, disruptive to the rest of us, I urge you to support the concept of the IIA’s ICODE.

Let’s be quite clear: this is not a code for snooping, or for surveillance, or for censorship. It is not a code which plays into the hands of the movie or the music industry’s quest for ISP-based copyright enforcement. It is not any sort of mandatory internet filter. The code explicitly states that the privacy of customers is paramount – and zombification is, after all, a major risk to privacy, since it gives cybercriminals unregulated remote access to your PC and its data.

ICODE’s goal is simple: to reduce the number of zombie PCs in our midst – zombies which cybercriminals are using for fraud, identity theft, spamming, DDos and more.

As the ICODE document itself points out, its primary aim is “instilling a culture of cybersecurity within Australian ISPs and their customers.” So please encourage your ISP to participate.

And be prepared to explain to any of your friends and family who may have their internet access restricted due to zombie activity on their PCs that their minor inconvenience really is for the greater good of all…