CTO-CybersecurityForum-2010-John Crain

Date post: 30-May-2015
Upload: segughana
Global DNS CERT: Business case for collaboration in security
Transcript
Page 1: CTO-CybersecurityForum-2010-John Crain

Global DNS-CERT

Business case for collaboration in security

Page 2: CTO-CybersecurityForum-2010-John Crain

Background

• Growing risks to DNS security and resiliency
  – Emergence of Conficker
  – Growing number of domain hijacking cases

• Community calls for systemic DNS security planning and response

• ICANN commitments under Affirmation of Commitments

• Initiatives called for in ICANN 2010-2013 Strategic Plan

Page 3: CTO-CybersecurityForum-2010-John Crain

Objectives of threats to DNS

• Politically-motivated disruption of DNS
• Desire for financial gain
• Demonstration of technical superiority
• Gratuitous defacement or damage

Source: 2009 Information Technology Sector Baseline Risk Assessment, US Dept of Homeland Security

Page 4: CTO-CybersecurityForum-2010-John Crain

Potential impacts

• Long lasting damage to “Trust” in system
• Significant and lasting economic harm
• Is the Internet as we know it at Risk from malicious behavior?

Page 5: CTO-CybersecurityForum-2010-John Crain

Lessons learned

• Conficker (’08- )
  – DNS played a role in slowing Conficker
  – Complex interactions with DNS community
  – Resource-intensive response activity

•  Conficker WG noted need for a dedicated incident response capability

Page 6: CTO-CybersecurityForum-2010-John Crain

Lessons learned

• Protocol vulnerability (’08)
  – Fast response, but
  – Predicated on ability to find “key people”

•  A coordination center would have improved situational awareness

Diagram of cache poisoning attack

Page 7: CTO-CybersecurityForum-2010-John Crain

Lessons learned

• Avalanche (’08- )
  – Targets financial sector
  – Exploits the limited resources of registrars
  – Trend continues upward

•  Complex coordination requires dedicated team

Page 8: CTO-CybersecurityForum-2010-John Crain

http://www.icann.org/en/topics/ssr/dns-cert-business-case-10feb10-en.pdf

Maybe a DNS-CERT?

Page 9: CTO-CybersecurityForum-2010-John Crain

Mission of DNS CERT

“Ensure DNS operators and supporting organizations have a security coordination center with sufficient expertise and resources to enable timely and efficient response to threats to the security, stability and resiliency of the DNS”

Page 10: CTO-CybersecurityForum-2010-John Crain

Goals

• Validate need for standing collaborative response capability to address systemic threats/risks
  – Full-time/global; coordinate existing capabilities; serve all stakeholders especially less resourced operators

• Operational focus determined in engagement with stakeholders and leveraging existing efforts
  – Fostering situational awareness; incident response assistance/coordination;

Page 11: CTO-CybersecurityForum-2010-John Crain

Stakeholders by role

Page 12: CTO-CybersecurityForum-2010-John Crain

Participation and feedback

•  DNS CERT must respond to constituency needs

• Participation by key constituents
  – Adds capability to CERT
  – Extends its geographic reach
  – Helps keep focus on constituency needs

Page 13: CTO-CybersecurityForum-2010-John Crain

Open questions include:

• Where should it be housed?
• What is best model?
• How should it be funded?
• Etc. etc.

Page 14: CTO-CybersecurityForum-2010-John Crain

Way Forward

• This is a “proposal” we need feedback!
• Seek community feedback
  – Email [email protected] with comments

Page 15: CTO-CybersecurityForum-2010-John Crain

Thank you

John Crain
Senior Director, SSR
ICANN

[email protected]

