Presentation is loading. Please wait.

Presentation is loading. Please wait.

Greg Rattray ICANN Chief Internet Security Advisor

Published byWalter Francis Modified over 9 years ago

Similar presentations

Presentation on theme: "Greg Rattray ICANN Chief Internet Security Advisor"— Presentation transcript:

1 Greg Rattray ICANN Chief Internet Security Advisor
Making the Internet DNS More Secure and Resilient: An ICANN Perspective Greg Rattray ICANN Chief Internet Security Advisor

2 The Internet as an Ecosystem
Built as experiment; now part of everyday life Assumed benign, cooperative users Now involves a wide variety of systems, stakeholders, opportunities & risks Governments, corporations, civil society, criminals Malicious actors now use Internet Growing centers of gravity – militarily, economically, socially Anonymity & ability to leverage 3rd Parties for Bad Acts Will we a tipping point in inability to address growth of malicious activity and capability? My mother-in-law: Can I safely use my credit card? Socially engineered attacks – on computers; on social functioning Negative consequences of difficulty of security Non, article

3 Bot Nets and Complexity of Attacks
Actors Involved Code Developers Botnet Developer (t = X) Bot Controller (t = Y) Owners of assets ( C2 and bots) DNS operators ISPs Target(s) Bot Code Bot Code Botnet Developer Attacker C2 Multiple purposes; Possibly no digital connection Bot Controller Bot Bot Bot DNS resolution Routing Who’s responsible? Who should be subject of retaliation? - What type? Legal notice, arrest, digital disruption? Who should be part of a cooperative mitigation and defense? Target(s) Attack the swamps, not the fever

4 The Internet: coordinated, not controlled
Just some of the major organizations concerned with the Internet

5 What is Domain Name? Mechanism for translating name into number
= (IP address) ccTLD (country code top-level domain) Generally used or reserved for a country .jp, .kr, .uk, .my …etc gTLD (generic top-level domain) .com, .info, .net, .name, .biz, .pro …etc others (infrastructure top-level domain) .arpa, .int ...etc

6 (Internet Assigned Numbers Authority)
domain names ICANN/IANA (Internet Assigned Numbers Authority) ip address ccTLD registry RIR Root Zone w/ USG and VeriSign ARIN AfriNIC RIPE NCC . .jp .se gTLD registry APNIC LACNIC . .net NIR .com .net zone JPNIC KRNIC CNNIC LIR ISP ISP example.net zone ISP registrar I want ‘example.net’ to setup I need 1 ip address to setup = =

7 ICANN’s Role and Plan ICANN Plan for Enhancing Internet Security, Stability and Resiliency established in 2009 Core: Ensure DNS system stability and resiliency Enabler: Work with broader Internet and security communities to combat systemic DNS abuse; assist operators to protect DNS registration and publication processes Contributor: Identification of risks to security, stability and resiliency of the DNS as part of larger cybersecurity challenges Not involved in cyber war/espionage or content control Plan available at

8 DNS System-wide SSR Coordination, Analysis and Planning
Provide for coherence in concepts of a key sub-system of a larger Internet ecosystem Conduct annual DNS SSR symposium. This year in Kyoto in early February focused on Measuring DNS Health Baselined what metrics and measurements exist and where gaps exist in terms of getting more comprehensive Key parameters for DNS health – coherency, integrity, speed, availability, resiliency Developing set of key contingencies for use in ICANN and community efforts related to response and exercise planning Finalizing continuity plan for failures of DNS registries to address how to protect registrants

9 DNS Vital Signs Coherency Integrity Speed Availability Resiliency

10 Mitigation of Malicious Conduct in New Top Level Domains
Practical measures for extending the DNS in a more secure and accountable fashion Requirement for employing key security technology (DNSSec) Prohibition on undermining protocol (Wildcarding ) Requirements to enhance trust in people (background checks) Enable a scalable approach to investigation and response (Zone File Access) A voluntary program for higher trust in key zones (TLD certification program)

11 DNS Collaborative Response
Enabling effective private sector response and leadership Working closely with FIRST and national CERT community Joint session in Nairobi; help set up East African CERT DNS Security workshop at FIRST general meeting in June Continue collaboration in stopping spread of Conficker as well as lessons learned and follow-up efforts Continue to have security team incident reporting mechanisms to identify potential systemic DNS incidents

12 Capacity Building Programs
Enabling effective security and resilience at the edge of the system Continue conduct of ccTLD security and resiliency training program Attack and Contingency Response Program focused on managerial level threat awareness and contingency planning Joint registry operations training program initiated focused on basic, advanced and security DNS technical skill building Reaching over 100 DNS ccTLD operators in 41 ccTLDs in the last six months

13 Global Engagement Foster a global dialogue on how to most effectively pursue security/resiliency for Domain Name System Work closely with regional TLD associations and network operators groups Work to enhance regional outreach activities INTERPOL workshop Asia-Pacific Economic Cooperation – Telecommunications and Information Working Group Commonwealth Telecommunications Organization This ICANN – MSU Institute for Information Security Issues annual forum

14 Discussion Questions What are the expectations of private sector/multi-stakeholder organizations to provide security and resilience in key aspects in the global information infrastructure? What are the right mechanisms for achieving transparency and accountability in this regard?

Download ppt "Greg Rattray ICANN Chief Internet Security Advisor"

Similar presentations

Introduction to ARIN and the Internet Registry System.

Introduction to ARIN and the Internet Registry System.
ICANN Strategic planning process Draft key priorities for the July 2006 – June 2009 Plan for community comment November 2005.

ICANN Strategic planning process Draft key priorities for the July 2006 – June 2009 Plan for community comment November 2005.
ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.
DNS Security and Stability Analysis Working Group (DSSA)

DNS Security and Stability Analysis Working Group (DSSA)
Capacity Building Mandate We, the participants…recognize the need to support: …A coordinated effort to involve and assist developing countries in improving.

Capacity Building Mandate We, the participants…recognize the need to support: …A coordinated effort to involve and assist developing countries in improving.
International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
Update on ccTLD Agreements Montevideo 9 September, 2001 Andrew McLaughlin.

Update on ccTLD Agreements Montevideo 9 September, 2001 Andrew McLaughlin.
Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.
Yerevan, July 11, 20121 Armenian edition of Jovan Kurbalija’s book “Internet Governance” I.Mkrtumyan, ISOC AM H.Baghyan, MediaEducation Center.

Yerevan, July 11, Armenian edition of Jovan Kurbalija’s book “Internet Governance” I.Mkrtumyan, ISOC AM H.Baghyan, MediaEducation Center.
Introduction to ARIN and the Internet Registry System.

Introduction to ARIN and the Internet Registry System.
Public Policy Issues in the Communications and Infrastructure Services Policy area Geoff Huston APNIC June 2011.

Public Policy Issues in the Communications and Infrastructure Services Policy area Geoff Huston APNIC June 2011.
National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.
“ICANN and the Global Internet” ICANN Workshop Wednesday, October 9, 2002 Mexico City.

“ICANN and the Global Internet” ICANN Workshop Wednesday, October 9, 2002 Mexico City.
Registrars and Security Greg Rattray Chief Internet Security Advisor.

Registrars and Security Greg Rattray Chief Internet Security Advisor.
James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.
New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.

New gTLD Basics. 2  Overview about domain names, gTLD timeline and the New gTLD Program  Why is ICANN doing this; potential impact of this initiative.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Introduction to ARIN and the Internet Registry System.

Introduction to ARIN and the Internet Registry System.
2011 – 2014 ICANN Strategic Plan Development Stakeholder Review 4 November 2010.

2011 – 2014 ICANN Strategic Plan Development Stakeholder Review 4 November 2010.
Revised Draft 2011-2014 Strategic Plan 4 December 2010.

Revised Draft Strategic Plan 4 December 2010.

Similar presentations

Ads by Google