The President asked the National Infrastructure Advisory Council in July 2003, to examine ways to harden the Internet. As a result, the Council created a Working Group to evaluate the work of many organizations and recommend ways for the Federal Government to address the President's request. Such organizations included: the National Security Telecommunications Advisory Committee, the National Cyber Security Partnership, and US-CERT.
The Council's report, "Hardening the Internet: Final Report and Recommendations by the Council" focuses its recommendations in the following three areas:
- Near-term Approaches: Encouraging the adoption of Best Current Practices (BCPs) as the most effective approach to harden existing defenses against attack. The Council centered these recommendations on education and awareness initiatives and research into the adoption of BCPs;
- Long-term Approaches: With sufficient time for research and development, additional work on core Internet protocols can be used to harden the Internet and associated networks and devices against malicious attacks. The Council centered these recommendations on more robust research and development;
- Empowerment: In the near and long term, Internet service providers (ISPs) and law enforcement agencies need on-going capabilities to investigate suspicious activity, prosecute cyber criminals, and harden their core operations. The Council centers these recommendations for empowering ISPs and law enforcement agencies on research and policy issues.
Hardening the Internet is a global, not just a national issue. The Internet infrastructure represents a complex interaction of computers, networks, cables, radio waves, processes, and people. Its use is managed by voluntary adherence to common practices promoted by the Internet Architecture Board, the Internet Assigned Numbers Authority, the Internet Engineering and Planning Group, Internet Engineering Steering Group, Internet Corporation for Assigned Names and Numbers, and the Internet Society. No single government or multinational entity could accomplish the task of hardening the entire Internet, nor could one effectively harden its own part of the global Internet. The recommendations in this report regarding best practices adoption and research are applicable globally, and their voluntary adoption is highly encouraged.