Champika Wijayatunga bdNOG – Bangladesh, 24 May 2014 Identifier Systems Security Stability and Resiliency (ISSSR)

ICANN Security, Stability and Resiliency Plans & Framework



ICANN is a global organization that coordinates the Internet's unique identifier systems for worldwide public benefit, enabling a single interoperable Internet.


Framework Definitions

• Security – the capacity to protect and prevent misuse of Internet unique identifiers.

• Stability – the capacity to ensure that the system operates as expected, and that users of the unique identifiers have confidence that the system operates as expected.

• Resiliency – the capacity of the unique identifier system to effectively withstand/tolerate/survive malicious attacks and other disruptive events without disruption or cessation of service.


The Challenge

• Misuse of and attacks against the DNS and global networks challenge overall unique identifier security
  – Affect the broad range of users, individuals, businesses, civil society and governments

• Security in the context of the Internet's unique identifiers should be addressed through a healthy Internet ecosystem.
  – an Internet that is sustainable or healthy, stable and resilient


Coordination & Collaboration

• Generic Top Level Domain Operators (gTLDs)
  – .com, .net, .org etc.
• Country Code Top Level Domain Operators (ccTLDs)
  – .bd, .in, .sg etc.
• CERTs
• Regional Internet Registries (RIRs)
• Governments / Law Enforcement
• International Organisations
• Research Organisations / Experts
• Etc.


Functional Areas

Identifier Systems SSR

• Threat Awareness and Preparedness
• Trust-based Collaboration
• Identifier SSR Analytics
• Capability Building


Identifier Systems Threat Awareness

• Exchange of threat intelligence relating to security events of global nature involving identifier systems

• Participation in response to threats or attacks against identifier systems, see https://www.icann.org/en/about/staff/security/vulnerability-disclosure-05aug13-en.pdf

Threat Awareness and Response

• Threat Intelligence
  – Trust networks
• Coordinated Response
  – Vulnerability Disclosure
  – Facilitation


Threat awareness and response

• Active engagement with global actors who monitor DNS health or identify imminent threats

• DNS vulnerability identification, reporting, and resolution

• Examples
  – Conficker
  – Attacks against ccTLDs, registrars
  – Root system DDoS (Anonymous)


Identifier SSR Analytics

• Projects in infancy
• Develop metrics and analytics for identifier systems, e.g.,
  – Root system measurements, analysis
  – Analysis of DNS or registration abuse or misuse
  – Creative uses of DNS data

Identifier SSR Analytics

• Metrics
  – “CVEs”
  – Root System analytics
  – Incidents


Trust-based Collaboration

• Global Cybersecurity cooperation
  – Coordinate engagement through ICANN Global Stakeholder Engagement
  – Coordinate cybersecurity message with Global Stakeholder Engagement
• Global Security & Operations
  – Daily interaction on DNS abuse/misuse matters with first responders, law enforcement, operators
  – Cooperation with DNS research activities
• Examples
  – Engage with registrars and reporting parties to mitigate DNS abuse/misuse
  – Lend subject matter expertise during incident response

Trust-based Collaboration

• Global SecOps
  – AntiPhishing
  – Antispam
  – Anticrime
  – Operations Research
• Global CyberSec
  – CCI
  – OECD


Capability Building

• DNS training
  – Security, operations, and DNSSEC deployment training for TLD registry operators
  – Information gathering to identify DNS abuse/misuse
  – Delivered by contracted parties, ICANN staff (digital delivery under study)
• Knowledge Transfer
  – Exchange of information gathering or investigating techniques

Capability Building

• DNS Training
  – Security
  – OAM
  – Abuse/Misuse
• Knowledge Transfer
  – Europol
  – Interpol
  – RIRs


TLD Registry Training 2013

One or more registry staff have attended from countries in blue


DNS Abuse/Misuse Training 2013

One or more agents or staff have attended from countries in blue
