The Internet Industry Association (IIA) has urged ISPs to better secure their networks by adopting recommendations in a new voluntary code of practice on cyber security.
According to the IIA, the new guidelines will provide a consistent approach for Australian ISPs to help inform, educate and protect their customers in relation to cyber security risks.
“Through following the Code, it is believed ISPs will contribute to reducing the number of compromised computers in Australia and thereby contribute to the overall security of the Australian and international internet,” the code’s preamble reads.
In arguing for the Code’s adoption, the IIA said implementing the measures contained in the code will also benefit individual ISPs by improving awareness of suspicious activity on their networks, reducing service calls from customers related to security issues, and offering customers a greater level of confidence in the security of their Internet connections.
The Code calls on ISPs to undertake at least one of four activities: greater education of their customers, increasing network detection activity, taking action to address a compromised PC on their network, or greater reporting of malicious activity.
While beneficial to an ISP’s wider customer base, taking action to address a compromised PC, commonly known as a “zombie”, is likely to be controversial as the action would allow providers to apply an “abuse plan” where the customer’s Internet speed is throttled.
It also sees the option of temporarily quarantining the customer’s service -- holding the customer within a ‘walled garden’, and restricting outbound email if a customer’s PC has been taken over and is being used to issue spam emails.
Network detection activity would see IPS undertake network management practices to help identify abnormal traffic patterns from an IP address that may indicate that a customer’s computer has compromised.
The new code of practice coincides with the launch of cyber security awareness week which aims to inform Australians about cyber security and provide steps to help protect personal and financial information online.