Industry code to take on spammers, botnets and zombies
The Internet Industry Association (IIA) in conjunction with the Minister for Broadband, Communications and the Digital Economy, Senator Stephen Conroy and the Federal Attorney-General, Robert McClelland, launched a new voluntary code of practice on 6 June 2010 for Australian Internet Service Providers (ISPs) to improve cybersecurity for all consumers.
See the icode website
Known as the icode, the code recognises that both ISPs and consumers can and must share responsibility for minimising the risks inherent in using the internet.
For codes of practice to be effective in an ever-changing environment it's important that they are reviewed to ensure they remain relevant and continue to achieve their original intent. As such, the IIA icode Taskforce has recently completed a review of the icode and is now seeking public comment.
”With the continued threat of zombied devices – devices which have been essentially hijacked and infected by malicious software (Malware) – which presents a real risk to users, the icode review has come at an appropriate time," said Peter Lee, Chief Executive of the IIA.
The code is designed to respond to this challenge by providing a consistent approach for Australian ISPs to help inform, educate and protect their customers in relation to cybersecurity. By following the code ISPs will contribute to reducing the number of compromised devices in Australia and enhance the overall security of the Australian and international internet.
The IIA believes a uniform national approach is warranted and the most effective. The code will deliver a standard set of best practices for ISPs to follow to preserve the integrity of their networks.
The icode contains four main elements:
- A notification/management system for compromised devices
- A standardised information resource for end users
- A comprehensive resource for ISPs to access the latest threat information
- A reporting mechanism in cases of extreme threat back to CERT Australia to facilitate a national high level view of attack status.
The icode builds on the Australian Communications and Media Authority (ACMA) Australian Internet Security Initiative (AISI) as well as other sources of security intelligence which showed that malware-infested devices were a growing risk that required coordinated industry, consumer and government responses.
Further information on the icode Review and the Public Consultation process can be found here.
The icode is available for download. Click here.
The icode Compliance Checklist is available for download. Click here.
The icode Compliance Declaration is available for download. Click here.