Many network providers have learned that no single approach will serve them in dealing with any particular problem. Consider the case of “botnets.” These represent a severe form of network integrity infringement for criminal purposes: Personal computers in businesses, universities, and homes are controlled remotely by an unauthorized, malicious third party without the PC owners’ awareness. A single botnet can involve as many as several hundred thousand computers. They are used for politically motivated denial-of-service (DoS) attacks, such as the famous attack on Estonia in April 2007 that immobilized the country and the April 2008 attack on Radio Free Europe. They also enable online fraud, and they are responsible for an estimated 80 percent of worldwide spam.
Education is an important measure against botnets: Service providers can teach end-users to safeguard their computers with antivirus and firewall software. But groups that only educate, like Blue Security, a now-defunct small producer of Internet antispam software, are themselves vulnerable to attack. Blue Security was pushed out of business by a massive denial of service attack in May 2006. It is much more effective when service providers combine education with the parent stance — blocking data “packets” associated with botnets — and a police role, usually in cooperation with actual police, to help monitor traffic, trace botnet-related activity, and isolate the servers where the botnet originates.
In the past, the natural role for ISPs has been that of teacher. After all, their core business purpose has been, and still is, to provide a secure, reliable, and powerful network for Internet traffic, without engaging in what happens over its network. This has helped them limit risks and liabilities in areas where they have no responsibility or control — for example, the nature of the content being transmitted.
But consumers are demanding a higher level of trust online. And the payoffs for providing it are becoming clearer. For example, when parents are comfortable with the level of protection provided for their children, they allow them to use the Internet more. When traffic management is robust enough to provide consistent speeds, more people turn to the Internet for videos and entertainment. The extent to which a network operator is able to guarantee a high quality of service and optimal broadband experience for all users is a major competitive edge in infrastructure competition, and playing the role of teacher alone will not be enough. Providers will end up expanding their roles.
That does not mean taking on a major policing role. Consumers use the Internet precisely because they want choice and interactivity; providers that are too restrictive may risk losing a competitive edge, as consumers seek out alternatives.
The answer is for network providers to see their primary role as providers of digital confidence. This means not just declaring, but internalizing, confidence-building procedures and protocols, and making them part of the organization’s culture.
Thus, if you are an executive at an Internet service provider, you need to deliberately choose the combination of roles to play for each area of concern, with an eye toward safeguarding the entire system to which you provide a gateway. As a teacher, for example, start by building customer awareness. Develop well-conceived and continually improved programs on such threats as identity theft, piracy, and online behavior (including addressing bullying, restricting solicitation, and defining what constitutes unacceptable content). Target your messages to specific user groups, including parents and children. Also target business clients with education on spam filters and protection against DoS attacks. Do not delegate this job to other groups; you can partner with others, but you must be seen as the source of digital confidence.