rvlsoft - Fotolia

What is missing from the NIST/DHS botnet security report?

The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis.

The final version of a report on botnet security, commissioned by a 2017 White House cybersecurity executive order, was recently published. What are the recommendations in this NIST report? What's missing in the report that enterprises should be aware of?

If there is one thing NIST is known for in the information security community, it is producing comprehensive security documents for government and industry use. While some have criticized NIST documents as paperwork exercises, unnecessarily complex or lacking in specific details, addressing all the concerns related to cybersecurity is a difficult challenge.

In May, NIST, a unit of the U.S. Department of Commerce, and the Department of Homeland Security (DHS) published a botnet security report named "A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats," a white paper produced in response to a May 2017 executive order.

The aim of the botnet security report is to fulfill the objective of the cybersecurity executive order, "dramatically reducing threats perpetrated by automated and distributed attacks."

The final version of the NIST report -- a draft was released in May 2018 -- outlined five goals, with several supporting actions for each goal, with the objective of producing "a portfolio of mutually supportive actions that, if implemented, would dramatically improve the resilience of the ecosystem," according to the report. "The recommended actions include ongoing activities that should be continued or expanded, as well as new initiatives."

The five goals from the NIST report are:

  • identify a clear pathway toward an adaptable, sustainable and secure technology marketplace;
  • promote innovation in the infrastructure to dynamically adapt to evolving threats;
  • promote innovation at the edge of the network to prevent, detect and mitigate automated, distributed attacks;
  • promote and support coalitions between the security, infrastructure and operational technology communities domestically and around the world; and
  • increase awareness and education across the ecosystem.

The action items listed under each of the goals include establishing baseline security profiles, encouraging and enhancing collaboration and information sharing, creating market incentives, ensuring non-deceptive marketing, and voluntary activities and awareness.

The summarized themes provide a good description of the current state of security. All of the goals and action items are good, but many of the challenges, including IoT security threats, ongoing distributed denial-of-service (DDoS) attacks and malicious botnets, require stronger actions.

Some of the recommendations for secure software development practices are vitally important. And while the botnet security report mentions that effective tools already exist for software developers, they are not yet widely adopted.

The botnet security report further mentions the use of ingress and egress filtering to combat DDoS attacks, in addition to many other good recommendations. Enterprises should also take note of the items the report recommends for government organizations, as they are critical to include in enterprise information security programs.

Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)

Dig Deeper on Network security