Internet Identity

If you're reading this, you probably know that Botnets are a serious drain on the global economy in a multitude of ways. The annual attributable cost to governments, companies, universities, and consumers from the networks of private computers infected with malicious software and controlled as a group without the owners' knowledge reaches into the billions of dollars. So let's not go into great detail about how bad they are this month versus last month, or what will happen with them next month here.

Instead, let's focus on what to do about them. The Online Trust Alliance or OTA recently released their white paper on Multi-Stakeholder Botnet Notifications (IID has been an active OTA member for years). It's worth 15 minutes of your time to read through it. The paper lays out a very approachable model for any CISO to develop strategy around dealing with Botnets by taking part in a multi-stakeholder effort to significantly reduce the damage done. This white paper is the culmination of the work put in by dozens of organizations that are interested in reducing the negative economic impact of Botnets, and all have a different viewpoint on this community-wide problem. The collaborative intelligence gained from sharing those different perspectives is a vital part of addressing the Botnet problem, as the paper clearly lays out.

One of the most interesting aspects that went into the development of this white paper was the utilization of the Chatham House Rule. First used in meetings related to International Affairs, this rule calls for the sharing and dissemination of key information without identifying who said what at the meeting. Proper application of this rule provides for a collective benefit (necessary information is shared with those who need it) while negating the individual risk associated with "sticking one's neck out there."

In this particular white paper, secrets were shared but identities were not, resulting in more of a free flow of information that might not have been obtained had identities been revealed. In almost any industry grappling with cybersecurity issues, there are some powerful lessons to be learned from the Chatham House Rule.

At IID, we believe in the free flow of actionable information through whatever means that fosters collaboration and therefore the mitigation of cybercrime. Leveraging the Chatham House Rule accomplishes this in many scenarios where we are handling sensitive information with Fortune 500 companies and some of the world’s largest government organizations.

We invite you to read OTA’s white paper utilizing the Chatham House Rule at https://otalliance.org/resources/botnets/index.html.