Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Other (Initial Public Draft)

A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats

Date Published: January 5, 2018
Comments Due: February 12, 2018 (public comment period is CLOSED)
Email Questions to:


U.S. Department of Commerce, U.S. Department of Homeland Security


This draft report to the President was developed by the Departments of Commerce and Homeland Security (the Departments) in response to Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The Order directed the Secretary of Commerce, together with the Secretary of Homeland Security, to “lead an open and transparent process to identify and promote action by appropriate stakeholders” with the goal of “dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).”

This draft reflects inputs received by the Departments from a broad range of experts and stakeholders, including private industry, academia, and civil society.  The draft report lays out five complementary and mutually supportive goals intended to dramatically reduce the threat of automated, distributed attacks and improve the resilience of the ecosystem. For each goal, the report suggests supporting activities to be taken by both government and private sector actors. 

The Departments invite comments by February 12, 2018 from all stakeholders regarding the issues and goals raised by the draft Report, as well as the proposed approach, current initiatives, and next steps. In particular, the Departments seek to identify additional actions to incentivize providers or users to prioritize cybersecurity. Following the completion of the public comment period, NIST will host a workshop to discuss unresolved comments and the way forward for the Report.  Comments received are a part of the public record and will generally be posted without change; personal identifying information (for example, name, address) voluntarily submitted by the commenter may be publicly accessible. Please do not submit confidential business information or otherwise sensitive or protected information. The final report will be submitted to the President on or before May 11, 2018.



distributed threats; resilience; botnets; threats and vulnerabilities
Control Families

Awareness and Training; Assessment, Authorization and Monitoring; Incident Response; System and Communications Protection; System and Information Integrity