CTO-CybersecurityForum-2010-John Crain

  1. Global DNS CERT
     Business case for collaboration in security
  2. Background
     • Growing risks to DNS security and resiliency
       – Emergence of Conficker.
       – Growing number of domain hijacking cases
     • Community calls for systemic DNS security planning and response
     • ICANN commitments under Affirmation of Commitments
     • Initiatives called for in ICANN 2010-2013 Strategic Plan
  3. Objectives of threats to DNS
     • Politically-motivated disruption of DNS
     • Desire for financial gain
     • Demonstration of technical superiority
     • Gratuitous defacement or damage
     Source: 2009 Information Technology Sector Baseline Risk Assessment, US Dept of Homeland Security
  4. Potential impacts
     • Long lasting damage to “Trust” in system
     • Significant and lasting economic harm
     • Is the Internet as we know it at Risk from malicious behavior?
  5. Lessons learned
     • Conficker (’08- )
       – DNS played a role in slowing Conficker
       – Complex interactions with DNS community
       – Resource-intensive response activity
     • Conficker WG noted need for a dedicated incident response capability
  6. Lessons learned
     • Protocol vulnerability (’08)
       – Fast response, but
       – Predicated on ability to find “key people”
     • A coordination center would have improved situational awareness
     [Diagram of cache poisoning attack]
  7. Lessons learned
     • Avalanche (’08- )
       – Targets financial sector
       – Exploits the limited resources of registrars
       – Trend continues upward
     • Complex coordination requires dedicated team
  8. Maybe a DNS-CERT?
     http://www.icann.org/en/topics/ssr/dns-cert-business-case-10feb10-en.pdf
  9. Mission of DNS CERT
     “Ensure DNS operators and supporting organizations have a security coordination center with sufficient expertise and resources to enable timely and efficient response to threats to the security, stability and resiliency of the DNS”
  10. Goals
     • Validate need for standing collaborative response capability to address systemic threats/risks
       – Full-time/global; coordinate existing capabilities; serve all stakeholders especially less resourced operators
     • Operational focus determined in engagement with stakeholders and leveraging existing efforts
       – Fostering situational awareness; incident response assistance/coordination;
  11. Stakeholders by role
  12. Participation and feedback
     • DNS CERT must respond to constituency needs
     • Participation by key constituents
       – Adds capability to CERT
       – Extends its geographic reach
       – Helps keep focus on constituency needs
  13. Open questions include:
     • Where should it be housed?
     • What is best model?
     • How should it be funded?
     • Etc. etc.
  14. Way Forward
     • This is a “proposal” we need feedback!
     • Seek community feedback
       – Email yurie.ito@icann.org with comments
  15. Thank you
     John Crain
     Senior Director, SSR
     ICANN
     john.crain@icann.org