Consumer-ISP Security Notification and Remediation Strategies: An International Analysis
Posted: 19 Mar 2018
Date Written: March 14, 2018
Malware and other sources of malicious activity are becoming more prevalent on home networks. In addition to traditional PC-based malware, new classes of threats (e.g., botnets of Internet of Things, or IoT, devices engaging in denial of service attacks) have emerged. Many of these threats are opaque for an end user. Unless a user is appropriately notified about a threat (e.g., via consumer anti-virus or commercial intrusion detection mechanisms) or the user notices degradations in service quality, threats may go undetected. Put another way, these threats may cause their harms without causing noticeable performance problems for the infected end-user. Since network security threats generate negative externalities on a local scale (e.g., malware entering a corporate network), as well as for the greater Internet ecosystem (e.g., botnets in a DoS), a number of stakeholders have championed a range of network security notification and remediation schemes as useful strategies to combat these new types of emergent threats.
This paper reviews the efficacy and potential of both past and proposed end-user notification schemes. It begins by tracing the origin of notification schemes from other Internet security governance initiatives (such as the anti-spam push) and those that emerged following large, defining security events such as the Conficker worm. Next, it catalogs 13 prior and current notification and remediation schemes enacted across various jurisdictions and contexts in the U.S. and abroad. These schemes are evaluated in terms of their scope, similarity, efficacy, and applicability.
We conclude that, while some prior schemes may have been effective in the past, existing initiatives and standards work on notification are often rooted in an older threat landscape that does not scale well beyond the older “one modem-one PC” home network paradigm, and hence do not address the challenges confronted in an IoT world.
A common theme in notification and remediation schemes is their dependence on timely notification to end-users of threats, along with actionable remediation advice appropriate to the threat. Implementing this paradigm in today’s novel threat landscape will require cooperation across the multiple stakeholders that need to be involved in sharing information and in implementing the actions required by any proposed scheme. The chain of stakeholders is diverse and includes network operators, ISPs, standards bodies, governments, equipment providers, consumers, and various alliances of these groups.
We discuss key technical and policy issues that must be resolved in order to ensure a trusted notification and incentive-compatible remediation scheme is in place to address these threats effectively. By highlighting existing schemes that effectively act at the intersection of stakeholder interests, we show that meeting the two notification and remediation goals is possible if future designs are rooted in the lessons of existing schemes.
Keywords: security, cybersecurity, internet, telecom