from Digital and Cyberspace Policy Program

Zero Botnets

Building a Global Effort to Clean Up the Internet

Botnets—groups of computers infected with malicious software often used for crime—cost the economy billions of dollars each year. Technology makers, ISPs, cybersecurity companies, and law enforcement need to work together across the globe to fight botnets.

Council Special Report
Concise policy briefs that provide timely responses to developing crises or contributions to current policy dilemmas.

Botnets are the bane of the internet. Criminals use these groups of computers infected with malicious software to propagate spam, send phishing emails, guess passwords, impersonate users, and break encryption. Their most pernicious use, however, is to carry out distributed denial of service (DDoS) attacks. DDoS attacks harness the power of the individual computers that make up the botnet to send internet traffic to a target, thereby blocking legitimate traffic. As much as 30 percent of all internet traffic may be attributable to botnets, and most of that traffic is from DDoS attacks.

Jason Healey

Senior Research Scholar, Columbia University’s School for International and Public Affairs

Robert K. Knake

Whitney Shepardson Senior Fellow

Most DDoS attacks are criminal in nature, often used by companies to take down their competitors’ websites or servers; however, China, Russia, and Iran have all harnessed botnets for geopolitical purposes. A motivated nation-state actor could easily harness millions of systems to shut down countries’ domestic networks or target core internet infrastructure and shut the internet down globally. Foreign governments certainly might judge such actions to be to their advantage in some scenarios.

More on:


Digital Policy

Influence Campaigns and Disinformation

Cybercrime today may cost the global economy $600 billion per year, with much of that loss tied to botnets, and those losses are only set to grow. About sixteen billion devices are connected to the internet today, and both that number and the number of vulnerable and infected devices are expected to double in the next five years. Even if only the tiniest fraction of these devices is infected with botnets, malicious actors will have enormous disruptive potential at their disposal. Thus an ambitious goal of zero botnets is necessary.

To achieve that goal, information security experts first need to do a better job of measuring current botnet activity and set incremental goals for reductions. Nations and international institutions should then work to establish the principle that states are responsible for the harm that botnets based within their borders cause to others. When governments are unable or unwilling to be responsible, other states may be justified in taking action, in or out of the cyber domain, to thwart cross-border effects. Similarly, at the internet service provider (ISP) level, good stewards of online spaces need to hold other ISPs accountable for the bad traffic leaving their networks. The makers of devices that are vulnerable to becoming parts of botnets need to be incentivized to secure their devices, and the resellers of those devices should use their leverage to hold them accountable. Hosting providers, name registrars, and other components of the internet ecosystem that are used by botnets should be pressured to police themselves and prevent their services from being used for criminal purposes. Finally, when these measures fail to suppress the growth of botnets, an ongoing international effort to take down botnets will be necessary.

Professors: To request an exam copy, contact Please include your university and course name.

Bookstores: To order bulk copies, please contact Ingram. Visit, call 800.234.6737, or email Include ISBN: 978-0-87609-739-7.

More on:


Digital Policy

Influence Campaigns and Disinformation

Top Stories on CFR


With significant risks now looming over global energy markets, the United States should be careful not to go too far with oil sanctions.  


Punishing allies won’t help to rally international support for the restoration of democracy.

Sri Lanka

A high level of coordination suggests the perpetrators had substantial expertise, possibly drawn from a foreign-based terrorist group.