New code calls on ISPs to quarantine zombie infected computers

Stuart Corner
Sunday, 06 June 2010 16:05

IT Policy - Regulation

The Internet Industry Association (IIA) has introduced a voluntary code of practice for Australian Internet service providers in a bid to improve cybersecurity for Internet users. It recommends that ISPs, in extreme cases, disconnect from the Internet a customer's computer that has been recruited into a botnet.

According to IIA, the code, known as the icode, "recognises [that] both ISPs and consumers can and must share responsibility for minimising the risks inherent in using the Internet."

As foreshadowed in a draft version released last September the code calls on ISPs to "temporarily quarantine the customer's service, for example by holding them within a 'walled garden' with links to relevant resources that will assist them until they are able to restore the security of their machine."

The IIA could submit the code to the ACMA for registration and, if ACMA chose to register the code, compliance would be mandatory, but IIA has not indicated any plans to pursue this course.

The code calls on ISPs to provide each new customer with information, or links to information that gives them simple steps they can take to better protect themselves online, such as the IIA cyber security pages and the Government's cyber security website, Stay Smart Online.

ISPs that are compliant with the code need to meet the minimum standard set out in the code and are entitled to use the IIA Security Aware ISP Trustmark on their websites and other communications materials.

IIA CEO, Peter Coroneos, said: "The increasing threat of zombied computers - computers which have been essentially hijacked - presents a real risk to users. Identity theft, fraud, and increases in spam are all possible consequences of compromised computers.


CONTINUED