Nato warns of strike against cyber attackers

Owen DeLong owen at delong.com
Wed Jun 9 00:30:01 CDT 2010


On Jun 8, 2010, at 9:06 PM, JC Dill wrote:

> Dave Rand wrote:
>> I'm fond of getting the issues addressed by getting the ISPs to be involved
>> with the problem.   If that means users get charged "clean up" fees instead
>> of a "security" fee, that's fine.
> 
> "I urge all my competitors to do that."
> 
> The problem isn't that this is a bad idea, the problem is that it's a bad idea to be the first to do it.  You want to be the last to do it.  You want all other companies to do it first - to charge their customers more (while you don't charge more and take away some of their business) to pay for this cost.
> 
Heck, at this point, I'd be OK with it being a regulatory issue.  Perhaps we need regulators to
step in and put forth something like the following:

1.	An ISP who receives an abuse complaint against one of their customers shall not be
	held liable for damages to the complainant or other third parties IF:

	A.	Said ISP investigates and takes remedial action for valid complaints within 24
		hours of receipt of said complaint.

	B.	Said ISP responds to said abuse complaint within 4 hours of their determination
		including the determination made and what, if any, remedial action was taken.

and

	C.	If the complaint was legitimate, the remedial action taken by said ISP causes
		the reported abuse to stop.

2.	Any ISP who takes remedial action against one of their customers as outlined
	in the previous section shall charge their customer a fee which shall not be
	less than $100 and not more than the ISP's full costs of investigation and
	remedial action.


I'm not saying I necessarily like the idea of more regulation, but, if we as an industry
are unwilling to solve this because of the above competitive concerns, then, perhaps
that is what is necessary to get us to act.

Owen





More information about the NANOG mailing list