Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

ICANN Security, Stability and Resiliency Plans & Framework


Published on

ICANN Security, Stability and Resiliency Plans & Framework

Published in: Internet
  • Be the first to comment

  • Be the first to like this

ICANN Security, Stability and Resiliency Plans & Framework

  1. 1. ! Champika Wijayatunga! bdNOG – Bangladesh, 24 May 2014! Identifier Systems Security Stability and Resiliency (ISSSR)!
  2. 2. 2 ICANN  is  a  global  organiza0on  that  coordinates  the   Internet’s  unique  iden0fier  systems  for  worldwide  public   benefit,  enabling  a  single  interoperable  Internet.  
  3. 3. 3
  4. 4. Framework  Defini.ons     •  Security  –  the  capacity  to  protect  and  prevent   misuse  of  Internet  unique  iden.fiers.   •  Stability  –  the  capacity  to  ensure  that  the  system   operates  as  expected,  and  that  users  of  the  unique   iden.fiers  have  confidence  that  the  system  operates   as  expected.     •  Resiliency  –  the  capacity  of  the  unique  iden.fier   system  to  effec.vely  withstand/tolerate/survive   malicious  aBacks  and  other  events   without  disrup.on  or  cessa.on  of  service.    
  5. 5. The  Challenge   •  Misuse  of  and  aBacks  against  the  DNS  and  global   networks  challenge  overall  unique  iden.fier  security   –  Affect  the  broad  range  of  users,  individuals,  businesses,   civil  society  and  governments   •  Security  in  the  context  of  the  Internet's  unique   iden.fiers  should  be  addressed  through  a  healthy   Internet  ecosystem.     –  an  Internet  that  is  sustainable  or  healthy,  stable  and   resilient   5  
  6. 6. Coordina.on  &  Collabora.on   •  Generic  Top  Level  Domain  Operators  (gTLDs)   –  .com,  .net,  .org  etc.   •  Country  Code  Top  Level  Domain  Operators  (ccTLDs)   –  .bd,  .in,  .sg  etc.   •  CERTs   •  Regional  Internet  Registries  (RIRs)   •  Governments  /  Law  Enforcement   •  Interna.onal  Organisa.ons   •  Research  Organisa.ons  /  Experts   •  Etc.   6  
  7. 7. 7 ! Func.onal  Areas   Threat  Awareness   and    Preparedness   Trust-­‐based   Collabora.on   Iden.fier  SSR  Analy.cs   Capability  Building   Iden.fier   Systems  SSR  
  8. 8. Iden.fier  Systems  Threat  Awareness   •  Exchange  of  threat  intelligence  to  security  events  of   global  nature  involving  iden.fier   systems   •  Par.cipa.on  in  response  to   threats  or  aBacks  against   iden.fier  systems,  see     hBps:// vulnerability-­‐disclosure-­‐05aug13-­‐en.pdf     Threat   Awareness  and   Response   Threat   Intelligence   • Trust  networks   Coordinated   Response   • Vulnerability   Disclosure   • Facilita.on  
  9. 9. •  engagement  with  global   actors  who  monitor  DNS  health  or   iden.fy  imminent  threats   •  DNS  vulnerability  iden.fica.on,,  and  resolu.on   •  Examples   –  Conficker   –  ABacks  against  ccTLDs,  registrars   –  Root  system  DDoS  (Anonymous)     Threat  awareness   and  response  
  10. 10. Iden.fier  SSR  Analy.cs   •  Projects  in  infancy     •  Develop  metrics  and  analy.cs  for   iden.fier  systems,  e.g.,     –  Root  system  measurements,  analysis   –  Analysis  of  DNS  or  registra.on  abuse  or   misuse     –  uses  of  DNS  data   Iden.fier  SSR   Analy.cs   Metrics   •   “CVEs”   • Root   System   analy.cs   • Incidents  
  11. 11. Trust-­‐based  Collabora.on   •  Global  Cybersecurity  coopera.on   –  Coordinate  engagement  through  ICANN     Global  Stakeholder  Engagement   –  Coordinate  cybersecurity  message  with   Global  Stakeholder  Engagement   •  Global  Security  &  Opera.ons   –  Daily  interac.on  on  DNS  abuse/misuse   maBers  with  first  responders,  law   enforcement,  operators   –  Coopera.on  with  DNS  research         •  Examples   –  Engage  with  registrars  and   to  mi.gate  DNS  abuse/misuse   –  Lend  subject  maBer  during   incident  response   Trust-­‐based   Collabora.on   Global  SecOps   •  An.Phishing   •  An.spam   •  An.crime   •  Opera.ons   Research   Global  CyberSec   •  CCI   •  OECD  
  12. 12. Capability  Building   •  DNS  training   –  Security,  opera.ons,  and  DNSSEC   deployment  training  for  TLD  registry   operators   –  Informa.on  gathering  to  iden.fy  DNS   abuse/misuse     –  Delivered  by  contracted,  ICANN   staff  (digital  delivery  under  study)   •  Knowledge  Transfer   –  Exchange  of  informa.on  gathering  or  techniques   Capability   Building   DNS  Training   •  Security   •  OAM   •  Abuse/ Misuse   Knowledge   Transfer   •  Europol   •  Interpol   •  RIRs  
  13. 13. TLD  Registry  Training  2013   One  or  more   registry  staff   have  aBended   from  countries   in  blue    
  14. 14. DNS  Abuse/Misuse  Training  2013   One  or  more   agents  or  staff   have  aBended   from  countries   in  blue    
  15. 15. 15