ICANN coordinates the unique identifier systems that enable the global internet, including domain names, IP addresses, and root server systems. The document discusses ICANN's role in promoting the security, stability, and resiliency (SSR) of these systems. It outlines ICANN's functional areas related to SSR, which include threat awareness and response, analytics, trust-based collaboration, and capability building. ICANN works with global actors like registries, registrars, law enforcement, and researchers to address challenges and strengthen SSR of the internet's unique identifier systems.

1. Discovering and Participating at ICANN :!
ISSSR Update !
!
Champika Wijayatunga, ICANN!
IDNOG1 – Jakarta, Indonesia 24 June 2014 !

2. 2
What does ICANN do?!

3. 3
ICANN
is
a
global
organiza0on
that
coordinates
the
Internet’s
unique
iden0fier
systems
for
worldwide
public
benefit,
enabling
a
single
interoperable
Internet.

4. 4
+ Domain Name System (DNS)
+ Internet Protocol (IP) Address Allocation
+ Protocol-Parameter Registry
+ Root Server Systems
+ Generic Top-Level Domain Names (gTLD) system
management
+ Country-code Top-Level Domain Name (ccTLD)
DNS
+ Time Zone Database Management
Functions that ICANN Coordinates!

5. SSR
Framework
• Security
–
the
capacity
to
protect
and
prevent
misuse
of
Internet
unique
iden;fiers.
• Stability
–
the
capacity
to
ensure
that
the
system
operates
as
expected,
and
that
users
of
the
unique
iden;fiers
have
confidence
that
the
system
operates
as
expected.
• Resiliency
–
the
capacity
of
the
unique
iden;fier
system
to
effec;vely
withstand/tolerate/survive
malicious
aCacks
and
other
disrup;ve
events
without
disrup;on
or
cessa;on
of
service.

6. The
Challenge
• Misuse
of
and
aCacks
against
the
DNS
and
global
networks
challenge
overall
unique
iden;fier
security
– Affect
the
broad
range
of
users,
individuals,
businesses,
civil
society
and
governments
• Security
in
the
context
of
the
Internet's
unique
iden;fiers
should
be
addressed
through
a
healthy
Internet
ecosystem.
– an
Internet
that
is
sustainable
or
healthy,
stable
and
resilient
6

7. Coordina;on
&
Collabora;on
• Generic
Top
Level
Domain
Operators
(gTLDs)
– .com,
.net,
.org
etc.
• Country
Code
Top
Level
Domain
Operators
(ccTLDs)
– .bd,
.in,
.sg
etc.
• CERTs
• Regional
Internet
Registries
(RIRs)
• Governments
/
Law
Enforcement
• Interna;onal
Organisa;ons
• Research
Organisa;ons
/
Experts
• Etc.
7

8. 8
!
Functional Areas!
Threat
Awareness
and
Preparedness
Trust-­‐based
Collabora;on
Iden;fier
SSR
Analy;cs
Capability
Building
Iden;fier
Systems
SSR

9. Iden;fier
Systems
Threat
Awareness
• Exchange
of
threat
intelligence
rela;ng
to
security
events
of
global
nature
involving
iden;fier
systems
• Par;cipa;on
in
response
to
threats
or
aCacks
against
iden;fier
systems,
see
hCps://www.icann.org/en/about/staff/security/
vulnerability-­‐disclosure-­‐05aug13-­‐en.pdf
Threat
Awareness
and
Response
Threat
Intelligence
• Trust
networks
Coordinated
Response
• Vulnerability
Disclosure
• Facilita;on

10. • Ac;ve
engagement
with
global
actors
who
monitor
DNS
health
or
iden;fy
imminent
threats
• DNS
vulnerability
iden;fica;on,
repor;ng,
and
resolu;on
• Examples
– Conficker
– ACacks
against
ccTLDs,
registrars
– Root
system
DDoS
(Anonymous)
Threat
awareness
and
response

11. Iden;fier
SSR
Analy;cs
• Projects
in
infancy
• Develop
metrics
and
analy;cs
for
iden;fier
systems,
e.g.,
– Root
system
measurements,
analysis
– Analysis
of
DNS
or
registra;on
abuse
or
misuse
– Crea;ve
uses
of
DNS
data
Iden;fier
SSR
Analy;cs
Metrics
•
“CVEs”
• Root
System
analy;cs
• Incidents

12. Trust-­‐based
Collabora;on
• Global
Cybersecurity
coopera;on
– Coordinate
engagement
through
ICANN
Global
Stakeholder
Engagement
– Coordinate
cybersecurity
message
with
Global
Stakeholder
Engagement
• Global
Security
&
Opera;ons
– Daily
interac;on
on
DNS
abuse/misuse
maCers
with
first
responders,
law
enforcement,
operators
– Coopera;on
with
DNS
research
ac;vi;es
• Examples
– Engage
with
registrars
and
repor;ng
par;es
to
mi;gate
DNS
abuse/misuse
– Lend
subject
maCer
exper;se
during
incident
response
Trust-­‐based
Collabora;on
Global
SecOps
• An;Phishing
• An;spam
• An;crime
• Opera;ons
Research
Global
CyberSec
• CCI
• OECD

13. Capability
Building
• DNS
training
– Security,
opera;ons,
and
DNSSEC
deployment
training
for
TLD
registry
operators
– Informa;on
gathering
to
iden;fy
DNS
abuse/misuse
– Delivered
by
contracted
par;es,
ICANN
staff
(digital
delivery
under
study)
• Knowledge
Transfer
– Exchange
of
informa;on
gathering
or
inves;ga;ng
techniques
Capability
Building
DNS
Training
• Security
• OAM
• Abuse/
Misuse
Knowledge
Transfer
• Europol
• Interpol
• RIRs

14. 14
Growing the Asia Pacific Network!
• ICANN APAC Hub
• apachub@icann.org
• SSR issues:
• champika.wijayatunga@icann.org
Thank You!