Australian ISPs Adopt Industry Security Standard
Brian Prince writes on eWeek:
An Australian collective of technology firms has developed an industry code in cooperation with the country’s government to help Internet Service Providers improve cyber-security.More here.
The Internet Industry Association’s (IIA) newly developed "icode" [.pdf] provides a voluntary industry framework for how ISPs can respond to security issues affecting customers and how ISPs can go about dealing with the government in the event of a cyber-emergency.
In the event a computer has been infected and is being used as a zombie, ISPs can temporarily quarantine the customer’s service, holding them within a “walled garden with links to relevant resources that will assist them until they are able to restore the security of their machine,” the document reads. In the case of a computer being used as a spam source, restrictions can be applied to outbound e-mail.
If an ISP suspects criminal attacks against their infrastructure or customers, the ISP should report the incident to the relevant state or territory police, according to the document. However, if an ISP suspects an attack against national critical infrastructure, the ISP should report the matter to the Australian Federal Police.