Internet service providers should quarantine or even slow down the connections of customers with infected computers, according to a new Australian industry code of practice.
The voluntary code of practice was designed by the Federal Government and the Internet Industry Association (IIA) to formalise cyber security standards for ISPs and customers.
The code [PDF] outlines measures to educate customers, detect malicious activity on the network and take action against compromised customers, and also requires ISPs to report serious activity to the Australian Federal Police and the national computer emergency response team (CERT).
Communications Minister Stephen Conroy announced the code at yesterday's launch of Australian Cyber Security Awareness Week, and hinted that the code might not remain 'voluntary' should ISPs not sign up.
"At the moment we're working with [IIA CEO Peter Coroneos] and the industry, to make it work this way," Mr Conroy said. "Down the track if it doesn't work - [compulsory adherence to the code] is something we'll have to look at.
"But we are genuinely working well with the sector to get the best outcome."
The code is built around a free monitoring service introduced by the Australian Communications and Media Authority (ACMA) in 2005 -- the Australian Internet Security Initiative -- which is used by 78 ISPs to detect whether their customers' computers are connected to a network of hacked PCs, known as a botnet.
The government and IIA have added several resources for ISPs including standard cyber security education messages, notification guidelines, a requirement to report significant infections to the authorities and courses of action to reduce a threat.
The recommended courses of action include the option to slow down or limit a customer's connection.
"Actions that ISPs can take when they become aware of a compromised computer include... apply an 'abuse' plan where the customer's internet service is speed throttled," the code recommends.
"Temporarily quarantining the customer's service, for example by holding them within a 'walled garden' with links to relevant resources that will assist them until they are able to restore the security of their machine."
These two measures are more relaxed than suggestions made in a draft of the code in September last year, which recommended ISPs cut access to zombie-infected PCs altogether.
The code states that "user privacy is paramount", but does not provide details for how this will be protected if a compromised computer is reported to authorities.
The ISP code is policed by the IIA and there are no penalties for breaches, according to IIA CEO Peter Coroneos.
"It goes around the compliance symbol," Mr Coroneos said. "They'll be given a trust mark that they put on their website that shows that their code is compliant.
"If we become aware down the track in the unlikely event that an ISP is going to stop acting in their best interests, then we'll take action."