ICANN Blogs

Read ICANN Blogs to stay informed of the latest policymaking activities, regional events, and more.

ICANN Completes Initial Evaluation of DNS Security Recommendations

14 December 2022
By Samaneh TajalizadehkhoobSamaneh Tajalizadehkhoob

I am pleased to report that the ICANN organization (org) recently completed a feasibility evaluation on 12 recommendations made by the Domain Name System Security Facilitation Initiative Technical Study Group (DSFI-TSG) in its final report. The assessment found all recommendations met ICANN's strategic goals, aligned with ICANN's operating plan, and had no security, stability, or resiliency concerns.

The DSFI-TSG reviewed the Domain Name System (DNS) landscape to understand where the DNS is either directly at risk or used to attack other systems on the Internet. Based on findings of its review, the DSFI-TSG made recommendations for areas where it identified gaps in existing measures and where ICANN org may be able to improve the security and stability of the DNS. These recommendations are organized according to the different types of roles and actions that can be taken, from operational improvements to research, funding, and education and awareness.

Subject matter experts assessed the feasibility of implementing each of the recommendations based on the following high-level assessment criteria and their corresponding impacts:

  • Strategic: How implementation of the recommendation may or may not align with ICANN's strategic goals, values, and priorities.
  • Operational: How implementation aligns with ICANN's Operating Plan.
  • Security, stability, and resiliency (SSR): Whether the recommendation's scope raises any concerns or questions regarding SSR.
  • Fiscal: Potential fiscal ramifications for ICANN org, the community, and the public.
  • Contractual and legal: Any contractual and legal obligations that need to be considered and their potential impacts.
  • Suggested implementation approach: Feasibility of the recommendation's implementation based on the above assessments and if so, a summary of key aspects.

ICANN org plans to engage with relevant stakeholders on the results of the feasibility assessment and to further scope implementation requirements for each recommendation. As a result of this process, those considered feasible and implementable, will move into a final implementation phase, including developing an implementation design and prioritization process.

Background

This project aligned with ICANN's Fiscal Year 2021–Fiscal Year 2025 Strategic Plan and the President and CEO goals. This includes:

  • Strategic Objective: "Improve the shared responsibility for upholding the security and stability of the Domain Name System by strengthening DNS coordination in partnership with relevant stakeholders;"
  • Strategic Objective: "Support and grow active, informed, and effective stakeholder participation (specifically in discussions related to security and stability)."
  • Goal six of the ICANN Board approved goals for Fiscal Year 2023, requested, a "Process for the potential implementation of proposals from the Domain Name System Security Facilitation Initiative Technical Study Group (DSFI-TSG)."

In May 2020, Göran Marby commissioned the technical study group and its formidable-sounding acronym, DSFI-TSG, was born. The group's creation was a response to significant cyberattacks on public DNS infrastructure, such as the Sea Turtle hijacking and the DNSpionage campaign.

As you can see, much has already been accomplished in developing ways to help keep the public DNS infrastructure more secure, stable, and resilient. ICANN org is committed to transparency, and we will keep you informed as this valuable work progresses. Finally, we are preparing to rebrand the project after the holiday break with the goal of making it more accessible to larger audiences.

Authors

Samaneh Tajalizadehkhoob

Samaneh Tajalizadehkhoob

Principal Security, Stability & Resiliency Specialist
Read biographyRead biography