In May 2020, I established the Domain Name System Security Facilitation Initiative Technical Study Group (DSFI-TSG) in response to significant attacks on the Domain Name System (DNS), such as the Sea Turtle hijacking and the DNSpionage. The group was chartered to investigate potential mechanisms to strengthen collaboration and communication on the security and stability issues that impact the DNS, and to offer recommendations for how ICANN org may best serve to improve the security, stability, and resiliency of the global DNS.
ICANN org is just one partner in the DNS. To ensure a thorough evaluation, input from a variety of stakeholders was critical. Through the DSFI-TSG, we brought together experts in DNS standards and operations, including those who have experience handling cybercrime, security incidents, registry and registrar operations, and critical infrastructure operations.
The DSFI-TSG, led by Merike Käo, Chief Information Security Officer of Uniphore and Security and Stability Advisory Committee Liaison to the ICANN Board, spent the next 18 months on the task at hand. They examined real and known threats to the DNS, discussed mitigations that could have prevented or lessened the severity of the incidents, and considered where ICANN org could best serve the global DNS by encouraging adoption of those mitigations more broadly or facilitating discussion within the community to develop new mitigations.
On 11 October, the DSFI-TSG delivered its final report to me, as noted in a recent blog authored by Merike. Today, I’m pleased to share the report with you. It is a significant, substantive, and well-considered report that offers 12 recommended actions ICANN org can take to promote better security practices throughout the DNS.
I’d like to recognize and thank the members of the DSFI-TSG for their dedication and contributions to this important effort:
- Tim April
- Gavin Brown
- John Crain
- Merike Käo
- Rod Rasmussen
- Marc Rogers
- Katrina Sataki
- Robert Schischka
- Duane Wessels
The next step is for ICANN org to review these recommendations and develop a process for potential implementation. This is one of my goals for fiscal year 2022, as I shared in a recent blog. We will keep you informed as this work progresses, but in the meantime, I extend my deepest thanks to Merike and the entire DSFI-TSG for an exceptional and actionable report.