DHS, DoC ask for anti-botnet policy input ★ 28.9.11

Joint request by May, Strickling, Beers:

The U.S. Department of Commerce and U.S. Department of Homeland Security are requesting information on the requirements of, and possible approaches to creating, a voluntary industry code of conduct to address the detection, notification and mitigation of botnets. (…) The Departments seek public comment from all Internet stakeholders, including the commercial, academic, and civil society sectors, on potential models for detection, notification, prevention, and mitigation of botnets’ illicit use of computer equipment.

DHS asks for contributions in three segments: a) Practices To Help Prevent and Mitigate Botnet Infections, b) Effective Practices for Identifying Botnets, c) Reviewing Effectiveness of Consumer Notification, d) Incentives To Promote Voluntary Action To Notify Consumers.

I’ve seen similar public request for comments in other policy domains before in the political system of the US. Thus, I’m not sure whether this is as unique as it appears to be from my European perspective.

Currently, Microsoft – and not some state agency – seems to be the botnet take-downer du jour.

Update. Joel Harding with regard to Microsoft’s role in botnet response:

DHS does not have the resources to protect US citizens, US corporations or any other government infrastructure beyond the critical infrastructure. Yet it is their mission to provide Homeland Security. When will DHS step up to the plate and perform their mission? Do we need a Department of Microsoft instead?