Today, the CRTC launched a consultation on its proposed framework to address botnets, harmful networks of malware-infected computers that are under the control of a malicious actor.
Botnets facilitate some of the most damaging cyber attacks, including ransomware and identity theft. These attacks cause significant harm to Canadians, businesses and organizations that provide critical services such as hospitals, schools and government bodies.
Measures to block botnet traffic could prevent attacks and help to protect Canadians. The Commission is seeking comments on the appropriateness and need for telecommunications service providers to adopt blocking techniques within their networks, including what safeguards would be necessary to ensure privacy, transparency and effectiveness.
The Commission has the authority and mandate to address malicious activity facilitated by botnets under the Telecommunications Act.
Canadians are invited to submit their comments by March 15, 2021 using only one of the following methods:
- Filling out the online form
- Writing to the Secretary General, CRTC, Ottawa, Ontario K1A ON2 or
- Sending a fax to 819-994-0218.
“Malicious botnet attacks are a serious and recurring concern. Almost every week, we see another organization victimized by ransomware or hear of a fellow citizen lured in by a phishing scam. With the launch of this proceeding, we are aiming to better protect Canadian individuals, businesses and institutions against damaging botnet activity.”
– Ian Scott, Chairperson and CEO, CRTC
The CRTC is seeking comments from Canadians on the appropriateness and need to develop a new framework to address botnet activity within Canadians networks.
The CRTC’s preliminary view is that a network-level blocking framework is a viable strategy to prevent the harm botnets cause to Canadians.
The types of cyber attacks enabled by botnets generally include spam distribution, distributed denial of service attacks, information theft and malware deployment, including ransomware.
Under Canada’s Anti-Spam Legislation, the CRTC is responsible for ensuring compliance with provisions relating to spam distribution, malicious network traffic redirection and malware installation.