
CTO-CybersecurityForum-2010-John Crain


Published in: Technology

  1. Global DNS CERT
     Business case for collaboration in security
  2. Background
     • Growing risks to DNS security and resiliency
       – Emergence of Conficker.
       – Growing number of domain hijacking cases
     • Community calls for systemic DNS security planning and response
     • ICANN commitments under Affirmation of Commitments
     • Initiatives called for in ICANN 2010-2013 Strategic Plan
  3. Objectives of threats to DNS
     • Politically-motivated disruption of DNS
     • Desire for financial gain
     • Demonstration of technical superiority
     • Gratuitous defacement or damage
     Source: 2009 Information Technology Sector Baseline Risk Assessment, US Dept of Homeland Security
  4. Potential impacts
     • Long lasting damage to “Trust” in system
     • Significant and lasting economic harm
     • Is the Internet as we know it at risk from malicious behavior?
  5. Lessons learned
     • Conficker (’08- )
       – DNS played a role in slowing Conficker
       – Complex interactions with DNS community
       – Resource-intensive response activity
     • Conficker WG noted need for a dedicated incident response capability
  6. Lessons learned
     • Protocol vulnerability (’08)
       – Fast response, but
       – Predicated on ability to find “key people”
     • A coordination center would have improved situational awareness
     [Figure: Diagram of cache poisoning attack]
  7. Lessons learned
     • Avalanche (’08- )
       – Targets financial sector
       – Exploits the limited resources of registrars
       – Trend continues upward
     • Complex coordination requires dedicated team
  8. Maybe a DNS-CERT?
     http:// dns-cert-business-case-10feb10-en.pdf
  9. Mission of DNS CERT
     “Ensure DNS operators and supporting organizations have a security coordination center with sufficient expertise and resources to enable timely and efficient response to threats to the security, stability and resiliency of the DNS”
  10. Goals
     • Validate need for standing collaborative response capability to address systemic threats/risks
       – Full-time/global; coordinate existing capabilities; serve all stakeholders especially less resourced operators
     • Operational focus determined in engagement with stakeholders and leveraging existing efforts
       – Fostering situational awareness; incident response assistance/coordination;
  11. Stakeholders by role
  12. Participation and feedback
     • DNS CERT must respond to constituency needs
     • Participation by key constituents
       – Adds capability to CERT
       – Extends its geographic reach
       – Helps keep focus on constituency needs
  13. Open questions include:
     • Where should it be housed?
     • What is best model?
     • How should it be funded?
     • Etc. etc.
  14. Way Forward
     • This is a “proposal”; we need feedback!
     • Seek community feedback
       – Email with comments
  15. Thank you
     John Crain
     Senior Director,