For years, the security industry has discussed what responsibility ISPs have when it comes to cybersecurity. On the one side, there are those who argue that ISPs should protect their clients with upstream security controls and filters. On the other side, there are those who argue that customers should be responsible for their own cybersecurity.
ISPs can impact cybersecurity in a way that very few entities can. This is because they are the doorway to the Internet. However, there are valid arguments against ISPs having too much control. Many agree that there should be a balance between the security ISPs provide and the freedom that end-users have to control what they allow into their computers and what gets sent out.
Finding the Balance between Security and Censorship
If you poll 100 people and ask them what the difference is between a dangerous site and an inappropriate site, you will probably get 100 different answers. This is because the truth is a gray area. For example, you may enjoy visiting a site that in the past had malicious advertising on it. Because of that, it was blacklisted. But does that mean that you want your ISP to block it? Or would you prefer to be the one who has the ability to decide whether you will visit the site? ISP controls can feel like censorship to some. To offer security, they need to remove freedom of choice.
Part of freedom of choice in surfing the Internet includes the freedom to do things that many people would consider unwise. ISPs cannot be solely responsible for cyber security. They can’t take liability for a user’s foolish actions. Organizations that have the best security controls in the world still have people within the organization that do dumb things that end up getting their computers infected. The only way that ISPs could truly get involved in providing cybersecurity for everyone would be to allow them to do so while freeing them up from liability for security issues. And that’s a path most people are not interested in taking.
It comes down to a question: how much control do we want our ISPs to have? Should our ISPs have the right to firewall us? Should they filter “bad” sites? Do we feel comfortable giving them the right to scan our networks and identify vulnerabilities and then quarantine devices that don’t have the proper patches? Really, creating regulations that prevent ISPs from going too far and at the same time allowing ISPs to provide sufficient security would be a logistical nightmare.
Positive Principles ISPs Can Follow to Improve Cyber Security
ISPs can protect customers from known cyber attacks. They can do this by collaborating with peers. This could mean that when an ISP identifies a network that is being used for criminal activity, they can act decisively and protect their customers. ISPs should also share information about known threats. When known threats are identified, people can protect themselves against them, and this stops cyber criminals.
ISPs are in a unique position to provide education and awareness on how to respond when there is a cyber attack. This education can be provided to their customer base and to the community at large. Education could include training on how to use email security tools and live monitoring.
ISPs can apply pressure that impacts the behavior of vendors in their supply chain. This is especially true when discussing vendors that provide hardware to customers. Faulty hardware or hardware that is not equipped with the latest security features can be a conduit for cyber attacks. Telecommunications infrastructures need to adhere to cybersecurity requirements, and ISPs can put pressure on institutions to conduct frequent cybersecurity audits.
Areas Where ISPs Can Take a More Active Role in Security
Botnets are one area where ISPs can take an active role in security. ISPs can use advanced detection and tracing measures to identify and protect users from harmful botnets. Unfortunately, ISPs can be reluctant to share information about botnet infections because they are concerned about privacy.
DDoS attacks are another area where ISPs can provide effective security. ISPs are the Internet gateways. They can cut a DDoS attack off at the source. They can protect their network by using DDoS protection from the top of the funnel down. This type of protection could be offered as a security solution to selected customers for a fee. This is a win-win scenario. ISPs can offer security protection and turn a profit. Customers can find an inexpensive solution to a frustrating cyber attack from their trusted ISP.
Man-in-the-middle attacks can be prevented by ISPs that run packet sniffers, like Wireshark, on their network. This allows them to catch traffic between the client and the server.
Phishing scams are an endless source of frustration for individuals and businesses. ISPs can protect customers by preventing them from receiving unwanted emails. Spam filters, custom blocking, and blacklisting are all tools that they can use. True, these methods may put legitimate businesses on a blacklist, requiring the blacklisted business to contact an ISP. The technology isn’t perfect yet. However, with the right configuration, ISPs can go a long way in preventing phishing scams and protecting their customers.
ISPs are the gatekeepers of the Internet. They are in the best position to make a huge dent in cybersecurity. While people want to improve cybersecurity, they do not want it if it means losing some freedom over how they use the Internet and what sites they can visit. However, with a hacker attack happening every 39 seconds, it’s clear that something needs to be done. Hopefully, ISPs will step up their game and offer a balanced yet aggressive cyber-attack response to protect their customers.
Tell us what you think. Should ISPs play a greater role in providing their customers with better cybersecurity? Let us know in the comments section below.