By Andy Bates
You may have heard us talk before about how a clean internet may not be quite as important as the need for clean drinking water yet, but it is getting closer by the day. At Davos this week, the World Economic Forum released a paper on exactly this theme: Cybercrime Prevention Principles for Internet Service Providers. We are proud to say that we at the Global Cyber Alliance are co-creators of this paper, working alongside the WEF, BT, and other global leaders including communications companies. The paper focuses on basic principles which all Internet Service Providers (ISPs) can adopt to provide a cleaner internet; each principle has practical and simple technical recommendations that can help implement it.
The four principles are:
- Protect consumers by default from widespread cyberattacks and act collectively with peers to identify and respond to known threats
- Take action to raise awareness and understand the threats; and support consumers in protecting themselves and their networks
- Work more closely with manufacturers and vendors of hardware, software, and infrastructure to increase minimum levels of security
- Take action to shore up the security of routing and signaling to reinforce effective defence against attacks
For example, with regard to practical steps, the second principle calls on ISPs to take action. To this end, the paper notes that ISPs can play a key role in supporting the integrity of email and specifically recommends that ISPs use an anti-phishing protocol known as DMARC to stop direct spoofing of email domains. The paper indicates that ISPs should “Implement DMARC on network-owned domains and help customers implement DMARC on their domains” in order to prevent phishing. With regard to this recommendation, GCA has provided additional tools and resources to help entities deploy DMARC.
Similarly, the first principle calls on ISPs to protect consumers by default. With regard to this principle, GCA and its partners Packet Clearing House and IBM built a free protective DNS solution that simply and transparently blocks access by default to malicious sites – Quad9. ISPs have similarly developed similar services their customers can use. As the WEF paper says: “If the majority of ISPs choose to protect their customers by default from objectively harmful sites, the world as a whole will be significantly better off in terms of reducing the harm caused by cyberattack.”
There are millions of businesses on the planet, but only a few thousand telephone companies and internet providers. This paper is a call to action for all ISPs to help millions of businesses build a better foundation for a stronger and more secure internet. In this way, the work of these businesses to fight cybercrime becomes easier. ISPs have a unique position as the gateway to the internet. We and our partners want to start a revolution for a cleaner internet, and Davos seems like a great place to start. Thanks to WEF, BT, Europol, Singtel, Telstra, and many others for working together toward this goal.
The author, Andy Bates, is the Executive Director of the United Kingdom, Middle East and India for the Global Cyber Alliance. You can follow him on Twitter @andycyberbates or connect with him on LinkedIn.