Dave Piscitello presenting at the Eastern European DNS Forum in Kiev, Ukraine.
During the first weeks of December 2016, I continued a series of Identifier Systems Security, Stability and Resiliency (IS SSR) team and Global Stakeholder Engagement (GSE) cybersecurity engagements that began in September.
My journey began in Kiev, Ukraine, where I participated in the first Eastern European Domain Name System Forum, a regional meeting of members of the domain name and DNS communities, which was held from 1-2 December. This event emerged from UADOM, the annual international conference of the domain name market that is held by Hostmaster.UA. With ICANN's support, Hostmaster.UA was able to expand to this year's regional format.
The event gathered over 200 experts in Kiev, and the diverse audience demonstrated knowledge from business, government, operational and technical areas. There was an eagerness to debate and share views on the Internet of Things, cybersecurity and cybecrime, and how the DNS will affect or be affected by these emergent or important challenges. ICANN's presence was quite strong on the agenda. Those attending included George Sadowski, ICANN board member, David Olive, Senior Vice President, Policy Development Support And General Manager, ICANN Hub in Istanbul, Mukesh Chulani, Senior Manager, Registrar Services and regional GSE staff – Michael Yakushev, Vice President, and Alexandra Kulikova, Manager, for Eastern Europe and Central Asia.
My hosts kept me busy throughout this two-day event, and scheduled me for three sessions. On day one, which was devoted to technical tutorials, I discussed IOT security (a.k.a., The Internet of Threats) and the role that ICANN's Internet Identifier SSR plays in operational security, identifier system threat awareness and mitigation and capability building. On day two, I gave a talk about distributed denial of service (DDoS) attacks in a panel discussion entitled 'Threats to the DNS'. The conference presentations and photos are available at EEDNSUA. Videos for day one (1 December) and day two (2 December) are available on YouTube.
During the event, I also had an opportunity to meet with several Ukrainian public safety communities, including the Service on Special Communications, Service of Security of Ukraine, Cyberpolice, Communications Department of the Armed Forces, and the National Telecommunications Regulation Commission, where I explained the training programs that the ICANN SSR team offers to abuse investigators or ccTLD operators. We also discussed the challenges of multi-jurisdictional cyber attacks. This was an introductory meeting where I saw a lot of interest from the audience. We are optimistic that we can come back for a full training sometime in 2017.
My tour continued in Tbilisi, Georgia, from 5-6 December, where I did a day and a half training on Investigating DNS Abuse for 18 participants from several agencies including the Data Exchange Agency, Office of the Personal Data Protection, Prosecutor Office, Ministry of Internal Affairs, National Bank and Georgian National Communications Commission. The training, hosted by the Internet Development Initiative (IDI) and the Georgian Foundation for Strategic and International Studies (GFSIS), introduces or reinforces strategies, techniques and tools that infosec professionals use to identify Identifier Systems abuse (DNS, IP, ASN). On day two, I gave attendees opportunities to apply what they'd learned in a hands-on investigation of a live malware campaign. The training was very well accepted, and the participants seemed eager to see a follow-up with a more customized program tailored to local needs.
Our Eastern European hosts have been incredibly welcoming and highly complimentary about our activities in 2016. We have received many expressions of interest to have us return or to expand our engagements further into Eastern Europe in 2017. We look forward to future, equally successful engagements.