Security Experts:

Europe's Cybersecurity Agency Gears Up for War on Botnets

Europe's Cybersecurity Agency Publishes Botnet Report and Policy-Level Considerations

The European Network and Information Security Agency (ENISA), Europe’s Cyber security agency, issued a report focused on botnets this week titled, “Botnets: Measurement, Detection, Disinfection and Defence.” The report discusses the reliability of botnet size estimates and provides recommendations and strategies to help organizations fight against botnets. In addition, ENISA published a list of what it considers the top 10 key issues for policymakers in 'Botnets: 10 Tough Questions.'

ENISA Botnet ReportThe 154 page "Botnets: Measurement, Detection, Disinfection and Defence" report includes different types of best practices to measure, detect and defend against botnets from all angles. The countermeasures are divided into 3 main areas: neutralizing existing botnets, preventing new infections and minimizing the profitability of cybercrime using botnets. The recommendations cover legal, policy and technical aspects of the fight against botnets and give targeted recommendations for different groups.

The recommendations cover legal, policy and technical aspects of the fight against botnets and give targeted recommendations for different groups involved including:

• The clarification of defensive measures permitted in each member state.

• Measures for encouraging users to keep their computers free of botnets.

• Supporting schemes for notification to infected customers by ISP's.

The report also emphasizes the need for a close international cooperation between governments, technically-oriented, and legislative institutions. "Global cooperation is indispensable for successful defense against botnets," said Udo Helmbrecht, Executive Director of ENISA.

The “Botnets: 10 Tough Questions” list comes from internal discussions by security experts in the field of botnets that took place between September and November 2010 and presents a selection of the most interesting results. The document distills the major issues that need to be understood and addressed by decision-makers in all groups of stakeholders. "Botnets: 10 Tough Questions" is a policy-level distillation of ENISA's consultation with top experts from all sides of the fight against botnets, including Internet Service Providers (ISPs), security researchers, law enforcement, Computer Emergency Response Teams (CERTs) and anti-virus vendors. The questions addressed include:

1. How much trust to put in published figures?

2. What are the main challenges associated with jurisdiction?

3. What should be the main role of the eu/national governments?

4. Which parties should take which responsibilities? '

5. Where to invest money most efficiently?

6. What are key incentives for cooperative information sharing?

7. What are key challenges for cooperative information sharing?

8. Are there unseen/undetected botnets?

9. Which aspects are still missing in the fight against botnets?

10. What are future trends?

"The botnet numbers define the political agenda and they determine 100's of millions of Euros of security investments – we should understand what is behind them," says Dr. Giles Hogben, the report Editor. Yet, the report concludes that many botnet figures are likely to be inaccurate and even small numbers of bots can cause severe damage. "Size is not everything – the number of infected machines alone is an inappropriate measure of the threat," says Dr. Hogben.

The Botnets: Measurement, Detection, Disinfection and Defence report can be downloaded here. Botnets: 10 Tough Questions can be downloaded here. (Both are PDF Files)

ENISA says a third report focusing on legal issues in the fight against botnets will follow in Q2.

Read More in the SecurityWeek Cybercrime Section