Skip to main content

Cybersecurity Topics on a Whirlwind Tour of Eastern Europe: Take 2

Dp eednsf 1500x1000 14dec16 en

Dave Piscitello presenting at the Eastern European DNS Forum in Kiev, Ukraine.

During the first weeks of December 2016, I continued a series of Identifier Systems Security, Stability and Resiliency (IS SSR) team and Global Stakeholder Engagement (GSE) cybersecurity engagements that began in September.

My journey began in Kiev, Ukraine, where I participated in the first Eastern European Domain Name System Forum, a regional meeting of members of the domain name and DNS communities, which was held from 1-2 December. This event emerged from UADOM, the annual international conference of the domain name market that is held by Hostmaster.UA. With ICANN's support, Hostmaster.UA was able to expand to this year's regional format.

The event gathered over 200 experts in Kiev, and the diverse audience demonstrated knowledge from business, government, operational and technical areas. There was an eagerness to debate and share views on the Internet of Things, cybersecurity and cybecrime, and how the DNS will affect or be affected by these emergent or important challenges. ICANN's presence was quite strong on the agenda. Those attending included George Sadowski, ICANN board member, David Olive, Senior Vice President, Policy Development Support And General Manager, ICANN Hub in Istanbul, Mukesh Chulani, Senior Manager, Registrar Services and regional GSE staff – Michael Yakushev, Vice President, and Alexandra Kulikova, Manager, for Eastern Europe and Central Asia.

My hosts kept me busy throughout this two-day event, and scheduled me for three sessions. On day one, which was devoted to technical tutorials, I discussed IOT security (a.k.a., The Internet of Threats) and the role that ICANN's Internet Identifier SSR plays in operational security, identifier system threat awareness and mitigation and capability building. On day two, I gave a talk about distributed denial of service (DDoS) attacks in a panel discussion entitled 'Threats to the DNS'. The conference presentations and photos are available at EEDNSUA. Videos for day one (1 December) and day two (2 December) are available on YouTube.

During the event, I also had an opportunity to meet with several Ukrainian public safety communities, including the Service on Special Communications, Service of Security of Ukraine, Cyberpolice, Communications Department of the Armed Forces, and the National Telecommunications Regulation Commission, where I explained the training programs that the ICANN SSR team offers to abuse investigators or ccTLD operators. We also discussed the challenges of multi-jurisdictional cyber attacks. This was an introductory meeting where I saw a lot of interest from the audience. We are optimistic that we can come back for a full training sometime in 2017.

My tour continued in Tbilisi, Georgia, from 5-6 December, where I did a day and a half training on Investigating DNS Abuse for 18 participants from several agencies including the Data Exchange Agency, Office of the Personal Data Protection, Prosecutor Office, Ministry of Internal Affairs, National Bank and Georgian National Communications Commission. The training, hosted by the Internet Development Initiative (IDI) and the Georgian Foundation for Strategic and International Studies (GFSIS), introduces or reinforces strategies, techniques and tools that infosec professionals use to identify Identifier Systems abuse (DNS, IP, ASN). On day two, I gave attendees opportunities to apply what they'd learned in a hands-on investigation of a live malware campaign. The training was very well accepted, and the participants seemed eager to see a follow-up with a more customized program tailored to local needs.

Our Eastern European hosts have been incredibly welcoming and highly complimentary about our activities in 2016. We have received many expressions of interest to have us return or to expand our engagements further into Eastern Europe in 2017. We look forward to future, equally successful engagements.


    Vladimer Svanadze  06:51 UTC on 14 December 2016

    Many thanks, Dave. We/IDI are planning also training courses for 2017

    Avon Katalog  19:37 UTC on 15 December 2016

    It was great forum, thanks.

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."