Global DNS CERT Business case for collaboration in security
Background
• Growing risks to DNS security and resiliency
  – Emergence of Conficker
  – Growing number of domain hijacking cases
• Community calls for systemic DNS security planning and response
• ICANN commitments under Affirmation of Commitments
• Initiatives called for in ICANN 2010-2013 Strategic Plan
Objectives of threats to DNS
• Politically-motivated disruption of DNS
• Desire for financial gain
• Demonstration of technical superiority
• Gratuitous defacement or damage
Source: 2009 Information Technology Sector Baseline Risk Assessment, US Dept of Homeland Security
Potential impacts
• Long lasting damage to “Trust” in system
• Significant and lasting economic harm
• Is the Internet as we know it at Risk from malicious behavior?
Lessons learned
• Conficker (’08- )
  – DNS played a role in slowing Conficker
  – Complex interactions with DNS community
  – Resource-intensive response activity
• Conficker WG noted need for a dedicated incident response capability
Lessons learned
• Protocol vulnerability (’08)
  – Fast response, but
  – Predicated on ability to find “key people”
• A coordination center would have improved situational awareness
[Diagram of cache poisoning attack]
Lessons learned
• Avalanche (’08- )
  – Targets financial sector
  – Exploits the limited resources of registrars
  – Trend continues upward
• Complex coordination requires dedicated team
Maybe a DNS-CERT?
http://www.icann.org/en/topics/ssr/dns-cert-business-case-10feb10-en.pdf
Mission of DNS CERT
“Ensure DNS operators and supporting organizations have a security coordination center with sufficient expertise and resources to enable timely and efficient response to threats to the security, stability and resiliency of the DNS”
Goals
• Validate need for standing collaborative response capability to address systemic threats/risks
  – Full-time/global; coordinate existing capabilities; serve all stakeholders especially less resourced operators
• Operational focus determined in engagement with stakeholders and leveraging existing efforts
  – Fostering situational awareness; incident response assistance/coordination;
Participation and feedback
• DNS CERT must respond to constituency needs
• Participation by key constituents
  – Adds capability to CERT
  – Extends its geographic reach
  – Helps keep focus on constituency needs
Open questions include:
• Where should it be housed?
• What is best model?
• How should it be funded?
• Etc. etc.
Way Forward
• This is a “proposal” we need feedback!
• Seek community feedback
  – Email firstname.lastname@example.org with comments