Asia should mandate ISP intervention
Mandatory regulations should be in place in Asia to stipulate how Internet service providers (ISPs) handle infected computers on their network, a Singapore-based analyst has urged. He added that he expects the Singapore government to introduce stringent measures in the near term.
Patrick Chan, IDC Asia-Pacific's chief technology advisor for emerging technologies, told ZDNet Asia in an e-mail interview that he is not aware of any current mandatory regulations or code of practice for handling infected systems in the region. The onus, he said, is on ISPs to maintain in-house procedures and upkeep service-level agreements.
"Very few ISPs in Asia do active monitoring of the network traffic," noted Chan. "These, in part, can be attributed to privacy issues, cost and complexity of the security threats surfacing across all layers of IT operations these days.
"Enforcing perimeter defense is getting harder as malware and botnet attacks get more complex."
Chan added that he expects the Singapore government in the near team to "enact more stringent measures to invigorate [the] security practices" of ISPs.
"Governments can mandate a holistic e-security code of conduct for ISPs," he said. "This is crucial for Singapore as we are shaping well in terms of infrastructure capability and capacity for cloud computing service providers. The last thing we want is a big-scale attack on these servers damaging the assets of clients."
The intervening role that ISPs can play to improve IT security at large--such as cutting off Internet access to infected machines--has been thrust into the spotlight recently, with at least two experts calling for more of such intervention.
Citing successful examples in Holland and Turkey, Trend Micro's CTO Dave Rand said ISPs in the two countries have begun to see results after proactive attempts to keep their networks clean, V3.co.uk reported last month. Rand cited Turkish ISPs in particular. He observed that the number of compromised systems which used to relay spam have dropped from 1.7 million to zero, after efforts to monitor their networks and inform customers of unusual activity.
Eugene Kaspersky went one step further by suggesting that Australian ISPs should also isolate and disallow access to the Internet for Web servers that are malware-infected, not just PCs.
In fact, Australia is planning to launch such an initiative under an e-security code of conduct. However, that effort has been delayed due to privacy concerns, according to ZDNet Asia's sister site, ZDNet Australia.
IDC's Chan said regulations that call for greater intervention by ISPs "should be encouraged". Network optimization, as a result of monitoring, for example, can reduce spam traffic and lead to better efficiency for customers.
On the other hand, such regulations may also have adverse effects on both providers and customers, he said. Monitoring efforts could increase network latency, affecting access speeds. Additional costs would also be incurred from monitoring and customer notifications, which may be passed on to the latter.
"More often than not, there are so many of these infected servers that remain operational as [part of a] botnet behind the enterprise firewall," said Chan. "These are huge threats as most users are not aware of the infection and wasted resources consumed by botnets and ultimately leveraged for attacks."
Eric Chong, Trend Micro's regional marketing director for the Asia-Pacific region, concurred. "ISPs monitoring network traffic to keep their customers safe can have the effect of reducing the amount of cybercrime activities. However, the challenge comes in the form of additional costs being incurred.
"These costs come from monitoring traffic and pinpointing infected machines, among other areas, which ISPs may not be willing to incur as these will eventually be passed on to the customer," he explained in an e-mail.
In an e-mail, a SingTel spokesperson said its ISP operation, SingNet, has systems in place to help monitor network quality. "However, there may be new forms of malware appearing which the system may be unable to detect due to the rate at which malware appears.
"We recommend that customers also take further precautions by installing protection software like [the paid service] SingNet Security Suite to protect their computers or servers against threats," she said.