Logo
ICANN
ICANN
Filtered Search

Are you sure you want to sign out from http://www.icann.org?

If you want to sign out from both http://www.icann.org and ICANN Account, click here.

ICANN Blogs

Read ICANN Blogs to stay informed of the latest policymaking activities, regional events, and more.

Working Toward a More Secure Domain Name System (DNS) Ecosystem

1 September 2020
By
Merike Käo

Merike Käo

Merike Kaeo currently serves as the Chief Information Security Officer (CISO) of Uniphore, a conversational AI technology company. She has over 25 years of experience in pioneering Internet technology deployments and developing strategic security initiatives. Merike instigated and led the first security initiative for Cisco Systems in the mid 1990s and authored the first Cisco book on security, Designing Network Security, which was translated into multiple languages and widely used in security accreditation programs. She has held a variety of executive leadership positions and has a deep rooted history in the global Internet community having contributed to organizations such as NANOG, APNIC, RIPE, ARIN, LACNIC, IGF, IETF, FIRST and ISOC. She is a frequently sought after panelist and keynote speaker for disseminating and promoting strategies to create stable, resilient and safe digital environments. In 2007, Merike was instrumental in fostering cooperation and trust among the global operational security community and the Estonian National CERT during the cyber attacks against Estonia. She is fluent in Estonian, German and English and is hoping to learn Spanish in the near future. Having earned a MSEE from George Washington University and a BSEE from Rutgers University, Merike is a longstanding member of the IEEE. She is also a pioneer member of ISOC and has been an active IETF contributor since 1992. She was named an IPv6 Forum Fellow in 2007 for her continued efforts to raise awareness of IPv6 related security paradigms. Since 2010, she has been on ICANN's Security and Stability Advisory Council (SSAC), a Board advisory committee comprised of Internet pioneers and technical experts including operators of Internet root servers, registrars, and TLD registries. Merike has participated on the FCC's Communications Security, Reliability and Interoperability Council (CSRIC) and served a one-year term on the ARIN Board of Trustees from Jan 1, 2017 to Dec 31, 2017. Merike Kaeo has been appointed to serve as the non-voting liaison from the Security & Stability Advisory Committee starting in 2018 and continuing through 2021.

The Domain Name System Security Facilitation Initiative Technical Study Group (DSFI-TSG) is now well underway and has completed its first major milestone: finalizing its charter and scope.

Attacks on the DNS rarely impact only one actor in the Internet ecosystem and many attacks can be realized due to multiple threat vectors. As a result, the group’s scope is based on the mechanics of broad security issues that include the following areas: identity management; availability of the DNS; infrastructure impersonation; hardware, software, and protocol vulnerabilities; fate sharing; security threats that utilize the DNS; verifying/validating trust in the DNS infrastructure and data; and cryptography.

There is an understanding that while theoretical attacks are unlikely to result in concrete recommendations, the work of the DSFI-TSG will take into account any new attacks that are realized during the course of its work.

The DSFI-TSG will structure the development of its recommendations around five key questions:

  1. What are the mechanisms or functions currently available that address DNS security?
  2. Can we identify the most critical gaps in the current DNS security landscape?
  3. Who is best suited to fill those gaps?
  4. What are the risks associated with these gaps that may not be well understood?
  5. Does the DNS have unique characteristics that attract security problems, which other Internet services don’t have?

The goal of the DSFI-TSG is to look at the cross-functional aspects of the DNS and to create recommendations to the ICANN CEO that promote best practices, facilitate communications, and implement processes to help all stakeholders mitigate and/or respond to threats to the DNS ecosystem.

The completion of the charter and scope is a testament to the DSFI-TSG members’ commitment to improving the world of DNS security despite the challenges introduced by a lack of face-to-face meetings, summer vacations, and a workload that has only increased as a result of COVID-19. I am incredibly grateful for the productive conversations we’ve had so far, and the promise of more to come.

Expect more information through our meeting notes and future blog posts, available on the DSFI-TSG website.

Authors

Merike Käo

Merike Käo

Merike Käo

Merike Käo

Merike Kaeo currently serves as the Chief Information Security Officer (CISO) of Uniphore, a conversational AI technology company. She has over 25 years of experience in pioneering Internet technology deployments and developing strategic security initiatives. Merike instigated and led the first security initiative for Cisco Systems in the mid 1990s and authored the first Cisco book on security, Designing Network Security, which was translated into multiple languages and widely used in security accreditation programs. She has held a variety of executive leadership positions and has a deep rooted history in the global Internet community having contributed to organizations such as NANOG, APNIC, RIPE, ARIN, LACNIC, IGF, IETF, FIRST and ISOC. She is a frequently sought after panelist and keynote speaker for disseminating and promoting strategies to create stable, resilient and safe digital environments. In 2007, Merike was instrumental in fostering cooperation and trust among the global operational security community and the Estonian National CERT during the cyber attacks against Estonia. She is fluent in Estonian, German and English and is hoping to learn Spanish in the near future. Having earned a MSEE from George Washington University and a BSEE from Rutgers University, Merike is a longstanding member of the IEEE. She is also a pioneer member of ISOC and has been an active IETF contributor since 1992. She was named an IPv6 Forum Fellow in 2007 for her continued efforts to raise awareness of IPv6 related security paradigms. Since 2010, she has been on ICANN's Security and Stability Advisory Council (SSAC), a Board advisory committee comprised of Internet pioneers and technical experts including operators of Internet root servers, registrars, and TLD registries. Merike has participated on the FCC's Communications Security, Reliability and Interoperability Council (CSRIC) and served a one-year term on the ARIN Board of Trustees from Jan 1, 2017 to Dec 31, 2017. Merike Kaeo has been appointed to serve as the non-voting liaison from the Security & Stability Advisory Committee starting in 2018 and continuing through 2021.

You May Also Like