CTO-CybersecurityForum-2010-John Crain
Presentation Transcript

  • Global DNS CERT: Business case for collaboration in security
  • Background
      • Growing risks to DNS security and resiliency
          – Emergence of Conficker.
          – Growing number of domain hijacking cases
      • Community calls for systemic DNS security planning and response
      • ICANN commitments under Affirmation of Commitments
      • Initiatives called for in ICANN 2010-2013 Strategic Plan
  • Objectives of threats to DNS
      • Politically-motivated disruption of DNS
      • Desire for financial gain
      • Demonstration of technical superiority
      • Gratuitous defacement or damage
    Source: 2009 Information Technology Sector Baseline Risk Assessment, US Dept of Homeland Security
  • Potential impacts
      • Long lasting damage to “Trust” in system
      • Significant and lasting economic harm
      • Is the Internet as we know it at Risk from malicious behavior?
  • Lessons learned
      • Conficker (’08- )
          – DNS played a role in slowing Conficker
          – Complex interactions with DNS community
          – Resource-intensive response activity
      • Conficker WG noted need for a dedicated incident response capability
  • Lessons learned
      • Protocol vulnerability (’08)
          – Fast response, but
          – Predicated on ability to find “key people”
      • A coordination center would have improved situational awareness
    [Diagram of cache poisoning attack]
  • Lessons learned
      • Avalanche (’08- )
          – Targets financial sector
          – Exploits the limited resources of registrars
          – Trend continues upward
      • Complex coordination requires dedicated team
  • Maybe a DNS-CERT?
    http://www.icann.org/en/topics/ssr/dns-cert-business-case-10feb10-en.pdf
  • Mission of DNS CERT
    “Ensure DNS operators and supporting organizations have a security coordination center with sufficient expertise and resources to enable timely and efficient response to threats to the security, stability and resiliency of the DNS”
  • Goals
      • Validate need for standing collaborative response capability to address systemic threats/risks
          – Full-time/global; coordinate existing capabilities; serve all stakeholders especially less resourced operators
      • Operational focus determined in engagement with stakeholders and leveraging existing efforts
          – Fostering situational awareness; incident response assistance/coordination;
  • Stakeholders by role
  • Participation and feedback
      • DNS CERT must respond to constituency needs
      • Participation by key constituents
          – Adds capability to CERT
          – Extends its geographic reach
          – Helps keep focus on constituency needs
  • Open questions include:
      • Where should it be housed?
      • What is best model?
      • How should it be funded?
      • Etc. etc.
  • Way Forward
      • This is a “proposal”, we need feedback!
      • Seek community feedback
          – Email yurie.ito@icann.org with comments
  • Thank you
    John Crain
    Senior Director, SSR
    ICANN
    john.crain@icann.org