Successfully reported this slideshow.

ICANN Security, Stability and Resiliency Plans & Framework

1

Share

Loading in …3
×
1 of 15
1 of 15

More Related Content

More from Bangladesh Network Operators Group

Related Books

Free with a 14 day trial from Scribd

See all

Related Audiobooks

Free with a 14 day trial from Scribd

See all

ICANN Security, Stability and Resiliency Plans & Framework

  1. 1. ! Champika Wijayatunga! bdNOG – Bangladesh, 24 May 2014! Identifier Systems Security Stability and Resiliency (ISSSR)!
  2. 2. 2 ICANN  is  a  global  organiza0on  that  coordinates  the   Internet’s  unique  iden0fier  systems  for  worldwide  public   benefit,  enabling  a  single  interoperable  Internet.  
  3. 3. 3
  4. 4. Framework  Defini.ons     •  Security  –  the  capacity  to  protect  and  prevent   misuse  of  Internet  unique  iden.fiers.   •  Stability  –  the  capacity  to  ensure  that  the  system   operates  as  expected,  and  that  users  of  the  unique   iden.fiers  have  confidence  that  the  system  operates   as  expected.     •  Resiliency  –  the  capacity  of  the  unique  iden.fier   system  to  effec.vely  withstand/tolerate/survive   malicious  aBacks  and  other  disrup.ve  events   without  disrup.on  or  cessa.on  of  service.    
  5. 5. The  Challenge   •  Misuse  of  and  aBacks  against  the  DNS  and  global   networks  challenge  overall  unique  iden.fier  security   –  Affect  the  broad  range  of  users,  individuals,  businesses,   civil  society  and  governments   •  Security  in  the  context  of  the  Internet's  unique   iden.fiers  should  be  addressed  through  a  healthy   Internet  ecosystem.     –  an  Internet  that  is  sustainable  or  healthy,  stable  and   resilient   5  
  6. 6. Coordina.on  &  Collabora.on   •  Generic  Top  Level  Domain  Operators  (gTLDs)   –  .com,  .net,  .org  etc.   •  Country  Code  Top  Level  Domain  Operators  (ccTLDs)   –  .bd,  .in,  .sg  etc.   •  CERTs   •  Regional  Internet  Registries  (RIRs)   •  Governments  /  Law  Enforcement   •  Interna.onal  Organisa.ons   •  Research  Organisa.ons  /  Experts   •  Etc.   6  
  7. 7. 7 ! Func.onal  Areas   Threat  Awareness   and    Preparedness   Trust-­‐based   Collabora.on   Iden.fier  SSR  Analy.cs   Capability  Building   Iden.fier   Systems  SSR  
  8. 8. Iden.fier  Systems  Threat  Awareness   •  Exchange  of  threat  intelligence   rela.ng  to  security  events  of   global  nature  involving  iden.fier   systems   •  Par.cipa.on  in  response  to   threats  or  aBacks  against   iden.fier  systems,  see     hBps://www.icann.org/en/about/staff/security/ vulnerability-­‐disclosure-­‐05aug13-­‐en.pdf     Threat   Awareness  and   Response   Threat   Intelligence   • Trust  networks   Coordinated   Response   • Vulnerability   Disclosure   • Facilita.on  
  9. 9. •  Ac.ve  engagement  with  global   actors  who  monitor  DNS  health  or   iden.fy  imminent  threats   •  DNS  vulnerability  iden.fica.on,   repor.ng,  and  resolu.on   •  Examples   –  Conficker   –  ABacks  against  ccTLDs,  registrars   –  Root  system  DDoS  (Anonymous)     Threat  awareness   and  response  
  10. 10. Iden.fier  SSR  Analy.cs   •  Projects  in  infancy     •  Develop  metrics  and  analy.cs  for   iden.fier  systems,  e.g.,     –  Root  system  measurements,  analysis   –  Analysis  of  DNS  or  registra.on  abuse  or   misuse     –  Crea.ve  uses  of  DNS  data   Iden.fier  SSR   Analy.cs   Metrics   •   “CVEs”   • Root   System   analy.cs   • Incidents  
  11. 11. Trust-­‐based  Collabora.on   •  Global  Cybersecurity  coopera.on   –  Coordinate  engagement  through  ICANN     Global  Stakeholder  Engagement   –  Coordinate  cybersecurity  message  with   Global  Stakeholder  Engagement   •  Global  Security  &  Opera.ons   –  Daily  interac.on  on  DNS  abuse/misuse   maBers  with  first  responders,  law   enforcement,  operators   –  Coopera.on  with  DNS  research  ac.vi.es         •  Examples   –  Engage  with  registrars  and  repor.ng  par.es   to  mi.gate  DNS  abuse/misuse   –  Lend  subject  maBer  exper.se  during   incident  response   Trust-­‐based   Collabora.on   Global  SecOps   •  An.Phishing   •  An.spam   •  An.crime   •  Opera.ons   Research   Global  CyberSec   •  CCI   •  OECD  
  12. 12. Capability  Building   •  DNS  training   –  Security,  opera.ons,  and  DNSSEC   deployment  training  for  TLD  registry   operators   –  Informa.on  gathering  to  iden.fy  DNS   abuse/misuse     –  Delivered  by  contracted  par.es,  ICANN   staff  (digital  delivery  under  study)   •  Knowledge  Transfer   –  Exchange  of  informa.on  gathering  or   inves.ga.ng  techniques   Capability   Building   DNS  Training   •  Security   •  OAM   •  Abuse/ Misuse   Knowledge   Transfer   •  Europol   •  Interpol   •  RIRs  
  13. 13. TLD  Registry  Training  2013   One  or  more   registry  staff   have  aBended   from  countries   in  blue    
  14. 14. DNS  Abuse/Misuse  Training  2013   One  or  more   agents  or  staff   have  aBended   from  countries   in  blue    
  15. 15. 15  

×