Schmidt to Take a Victory Lap as Senate Cybersecurity Discord Deepens

Schmidt will promote the administration’s work to stem the growth of botnets -- networks of compromised computers that are often used by criminal organizations for malicious purposes. The administration’s botnet initiative aims to engage stakeholders from the public and private sectors to develop best practices and industry codes of conduct to battle botnets. Schmidt said recently he'd leave at the end of the month (CD May 18 p12). He’s “been a true champion for the Internet,” said President Leslie Harris of the Center for Democracy and Technology, which had a blog last week about Schmidt (http://xrl.us/bm9dtq). “He clearly strengthened the nation’s cyber defenses but also, time and again, he fought back against overly zealous proposals that would have been bad for the Internet,” Harris told us.

Both CenturyLink and TechAmerica have been active participants in the Industry Botnet Group. Botnet usage growth increased in Q1 from Q4 to nearly 5 million infections at its “highest point,” said a study released Wednesday by McAfee (http://xrl.us/bm9dmx). The report said that nearly half of the control servers for the world’s compromised computer networks are located within the U.S. The Mariposa botnet, which steals credit card and banking data, was the largest compromised computer network, McAfee said.

The U.S. launched several successful botnet takedowns in Q1, the report said, including “Operation Open Market,” which was conducted by the Secret Service and U.S. Immigration and Customs Enforcement in March. The raid netted 50 employees of the Carder.su criminal organization who allegedly engaged in identity theft and counterfeit credit card trafficking, the report said. U.S. enforcement officials also arrested several members of the “hacktivist” organization Anonymous, including LulzSec member “Sabu,” who assisted in the arrest of six top members from the group.

The botnet initiative caps an aggressive portfolio of cybersecurity programs which will continue to grow following Schmidt’s departure. When Schmidt accepted the position in December 2009, he outlined five areas where he hoped to secure American public and private networks. Last month the House passed a mixed bag of four cybersecurity bills during the GOP-led “cyberweek.” The administration issued a veto threat on the Cyber Intelligence Sharing and Protection Act (HR-3523), which aims to increase information sharing between the government and private sector. The White House said the bill doesn’t offer adequate privacy protections or secure the nation’s critical infrastructure from cyberattacks. House lawmakers also passed two bills that are consistent with the administration’s cybersecurity effort: The Federal Information Security Amendments Act (HR-4257), which aims to increase federal cybersecurity protections, and the Cybersecurity Enhancement Act (HR-2096), which aims to increase U.S. cybersecurity research and development.

The Senate has been slow to act and Majority Leader Harry Reid, D-Nev., hasn’t yet scheduled a vote on any of the cybersecurity bills in the Senate. Sponsors of two competing cybersecurity bills have been unable to compromise on the sticky issues of regulations for cyberinfrastructure, privacy, and the role of the Department of Homeland Security. A spokesman for Sen. Barbara Mikulski, D-Md., said that lawmakers have yet to reschedule a classified cybersecurity briefing among Senate cybersecurity advocates aimed at resolving the legislative stalemate. Mikulski chairs the Senate Appropriations Subcommittee on Commerce, Justice and Science, which along with the full Appropriations Committee approved a funding bill with provisions for “cybersecurity, cyber workforce development and cyber jobs” (CD April 20 p13).