Identifier Systems Security Stability and Resiliency!

!Champika Wijayatunga, ICANN!MyNOG4 – Malaysia 21 August 2014 !

2

What does ICANN do?!

3

ICANN  is  a  global  organiza0on  that  coordinates  the  Internet’s  unique  iden0fier  systems  for  worldwide  public  

benefit,  enabling  a  single  interoperable  Internet.  

4

+ Domain Name System (DNS)

+ Internet Protocol (IP) Address Allocation

+ Protocol-Parameter Registry

+ Root Server Systems

+ Generic Top-Level Domain Names (gTLD) system management

+ Country-code Top-Level Domain Name (ccTLD) DNS

+ Time Zone Database Management

Functions that ICANN Coordinates!

SSR  Framework    

•  Security  –  the  capacity  to  protect  and  prevent  misuse  of  Internet  unique  iden;fiers.  

•  Stability  –  the  capacity  to  ensure  that  the  system  operates  as  expected,  and  that  users  of  the  unique  iden;fiers  have  confidence  that  the  system  operates  as  expected.    

•  Resiliency  –  the  capacity  of  the  unique  iden;fier  system  to  effec;vely  withstand/tolerate/survive  malicious  aCacks  and  other  disrup;ve  events  without  disrup;on  or  cessa;on  of  service.    

The  Challenge  

•  Misuse  of  and  aCacks  against  the  DNS  and  global  networks  challenge  overall  unique  iden;fier  security  –  Affect  the  broad  range  of  users,  individuals,  businesses,  civil  society  and  governments  

•  Security  in  the  context  of  the  Internet's  unique  iden;fiers  should  be  addressed  through  a  healthy  Internet  ecosystem.    –  an  Internet  that  is  sustainable  or  healthy,  stable  and  resilient  

6  

Coordina;on  &  Collabora;on  

•  Generic  Top  Level  Domain  Operators  (gTLDs)  –  .com,  .net,  .org  etc.  

•  Country  Code  Top  Level  Domain  Operators  (ccTLDs)  –  .bd,  .in,  .sg  etc.  

•  CERTs  •  Regional  Internet  Registries  (RIRs)  •  Governments  /  Law  Enforcement  •  Interna;onal  Organisa;ons  •  Research  Organisa;ons  /  Experts  •  Etc.  

7  

8

!Functional Areas!

Threat  Awareness  and  

 Preparedness  

Trust-­‐based  Collabora;on  

Iden;fier  SSR  Analy;cs   Capability  Building  

Iden;fier  Systems  SSR  

Iden;fier  Systems  Threat  Awareness  

•  Exchange  of  threat  intelligence  rela;ng  to  security  events  of  global  nature  involving  iden;fier  systems  

•  Par;cipa;on  in  response  to  threats  or  aCacks  against  iden;fier  systems,  see    hCps://www.icann.org/en/about/staff/security/

vulnerability-­‐disclosure-­‐05aug13-­‐en.pdf    

Threat  Awareness  and  

Response  

Threat  Intelligence  • Trust  networks  

Coordinated  Response  • Vulnerability  Disclosure  

• Facilita;on  

•  Ac;ve  engagement  with  global  actors  who  monitor  DNS  health  or  iden;fy  imminent  threats  

•  DNS  vulnerability  iden;fica;on,  repor;ng,  and  resolu;on  

•  Examples  –  ACacks  against  ccTLDs,  registrars  –  Root  system  DDoS  (Anonymous)    

Threat  awareness  and  response  

Iden;fier  SSR  Analy;cs  

•  Projects  in  infancy    •  Develop  metrics  and  analy;cs  for  iden;fier  systems,  e.g.,    –  Root  system  measurements,  analysis  –  Analysis  of  DNS  or  registra;on  abuse  or  misuse    

–  Crea;ve  uses  of  DNS  data  

Iden;fier  SSR  Analy;cs  

Metrics  •   “CVEs”  • Root  System  analy;cs  

•  Incidents  

Trust-­‐based  Collabora;on  

•  Global  Cybersecurity  coopera;on  –  Coordinate  engagement  through  ICANN    

Global  Stakeholder  Engagement  –  Coordinate  cybersecurity  message  with  

Global  Stakeholder  Engagement  •  Global  Security  &  Opera;ons  

–  Daily  interac;on  on  DNS  abuse/misuse  maCers  with  first  responders,  law  enforcement,  operators  

–  Coopera;on  with  DNS  research  ac;vi;es        •  Examples  

–  Engage  with  registrars  and  repor;ng  par;es  to  mi;gate  DNS  abuse/misuse  

–  Lend  subject  maCer  exper;se  during  incident  response  

Trust-­‐based  Collabora;on  

Global  SecOps  •  An;Phishing  •  An;spam  •  An;crime  •  Opera;ons  Research  

Global  CyberSec  •  CCI  •  OECD  

Capability  Building  

•  DNS  training  –  Security,  opera;ons,  and  DNSSEC  deployment  training  for  TLD  registry  operators  

–  Informa;on  gathering  to  iden;fy  DNS  abuse/misuse    

–  Delivered  by  contracted  par;es,  ICANN  staff  (digital  delivery  under  study)  

•  Training  for  Law  Enforcement  bodies  •  Knowledge  Transfer  

–  Exchange  of  informa;on  gathering  or  inves;ga;ng  techniques  

Capability  Building  

DNS  Training  •  Security  •  OAM  •  Abuse/Misuse  

Knowledge  Transfer  •  Europol  •  Interpol  •  RIRs  

Ac;vi;es  in  Malaysia  

•  Suppor;ng  Network  Opera;onal  and  Technical  Communi;es  – MyNOG,  APRICOT,  APT  Cyber  Security  Forum  etc.  

•  Collabora;on  with  Malaysian  Communica;ons  and  Mul;media  Commission  (MCMC)  – Online  Safety,  Security  Educa;on  &  Awareness  Ini;a;ves  

– Capacity  building  and  Outreach  14  

Ac;vi;es  in  Malaysia  

•  MyNIC  (ccTLD)  – Encouraging  DNSSEC  Deployment    

•  Registrars,  ISPs  etc.  –  IDN  delega;on    

•  Poten;al  L-­‐root  Server  instance  

15  

16

Growing the Asia Pacific Network!

•  ICANN APAC Hub •  apachub@icann.org

•  SSR issues: •  champika.wijayatunga@icann.org

Thank You!