The rate of botnet infections in American computers likely requires a voluntary code of conduct for adoption within the private sector, says a request for information from the National Institute of Standards and Technology and Homeland Security Department printed Sept. 21 in the Federal Register.

NIST and DHS, the notice says, are investigating what that code of conduct might look like and request public input.

One possible model could be a code adopted in Australia in 2010 under which Internet service providers voluntarily agree to consistently notify consumers if their machines are infected, and ensure remediation of the malware problem. Germany and Japan have begun similar efforts, the notice states.

How to implement that code is another topic of inquiry under the notice. One possibility, it suggests, is to encourage companies to send consumer support queries to a centralized resource center that supports consumers from multiple ISPs. Such a center could also be used to facilitate information sharing that could lead to better botnet attention, the notice adds.

There are many ways such a center could be created, but the paper outlines three main possibilities--private-sector run and supported, government run and supported, or a public-private partnership that sets up a non-profit or quasi-governmental entity.

The notice also ask whether companies that participate in the code of conduct should receive certain types of liability protection. Information to ensure existing botnet detection methods avoid false positives would also be welcome, the notice says.

Comments are due by the end of Nov. 4.

For more:
- go to the Federal Register request for information

Related Articles:
NIST cybersecurity standards would apply to Defense contractors under proposed rule 
Commerce: Private sector should adopt codes of conduct to strengthen cybersecurity 
White House cybersecurity proposal would create disincentives, says industry group head