Telcos have a major role to play in preventing cyber-attacks, with organisations such as BT blocking more than 100 million attempted malware deliveries per month. To help address the issue and share best practice among Internet Service Providers (ISPs) and other organisations involved in supporting or providing online communications the World Economic Forum and its global partners have published Cybercrime Prevention Principles for Internet Service Providers.
In his foreword, Alois Zwinggi head of the platform for Shaping the Future of Cybersecurity and Digital Trust World Economic Forum notes that the aim is to make it substantially more difficult for criminals operating online to benefit from unlawful gains at the expense of innocent members of the public. It seeks to drive collaboration across public and private sectors to make the “barrier to entry” for attacks far more robust and the penalties for attack much stronger. The focus is on the more strategic actions that the ISPs should be able to take to protecting consumers from common online crimes.
It is recommended that ISPs adopt the following key principles:
1. Protect consumers by default from widespread cyber-attacks and act collectively with peers to identify and respond to known threats
2. Take action to raise awareness and understanding of threats and support consumers in protecting themselves and their networks
3. Work more closely with manufacturers and vendors of hardware, software and infrastructure to increase minimum levels of security
4. Take action to shore up the security of routing and signalling to reinforce effective defence against attacks
In the report, each principle is considered from the perspective of the challenges it is seeking to address, as well as providing demonstrable evidence from service providers of the benefits of implementation plus technical detail on how each principle could be implemented.
Kevin Brown, managing director, BT Security BT Group, one of the key collaborators on the report commented to SC Media UK: “Given the criticality of telecoms networks and how frequently they are targeted by cyber-attacks, we believe that ISPs have a responsibility to adopt security best practices that keep their networks as secure as possible. This project aligns with our wider objectives to work collaboratively across the telecoms ecosystem to raise security standards and make it more difficult for cyber-criminals to be successful. WEF have also stated that they hope the publication of these principles will help generate a more detailed debate on the legal and policy frameworks that can support ISP action in this space whilst also protecting user privacy and open internet standards.
Other collaborators include Deutsche Telekom, Du Telecom, Europol, Global Cyber Alliance, Internet Society, Korea Telecom, Proximus, Saudi Telcom, Singtel, Telstra, ITU who have jointly endorsed the new principles for combatting high- volume cyberattacks, protecting up to one billion consumers in 180 countries
“As a nation, and as the digital enabling company, we are exposed to all sorts of attacks, which forced us early on to heavily invest and build world class cyber capabilities to become fully resilient. Guided by these four principles we encourage other ISPs to leverage them in defining their strategies and gain confidence by joining other global partners.” said Nasser Suliaman AlNasser, Saudi Telecom Group (stc) CEO.
“Cyber-security is becoming a public safety issue,” adds Amy Jordan, delivery lead, Platform for Shaping the Future of Cybersecurity and Digital Trust, World Economic Forum. As more and more devices are connected and physical infrastructure becomes increasingly connected, no one company can do it alone. The community needs to come together, and these principles can accelerate and scale impact.”
“Europol wholeheartedly supports the adoption of these principles by Internet Service Providers worldwide because they have the potential to significantly limit the harm caused by malicious cybercrime actors,” commented Catherine de Bolle, executive director of Europol.
“The World Economic Forum's ISP Principles are a superb collection of actionable measures that providers can use to reduce malicious activity online,” said Joseph Lorenzo Hall, senior vice president, Strong Internet, Internet Society.