ICANN Community Mulls Risks From Domain Name System Abuse, IoT
Domain name system abuse and IoT challenges are key issues for the ICANN community, panelists said this week at the ICANN68 meeting held virtually. Despite progress against DNS abuse, much more needs to be done, stakeholders said. Since many IoT devices will use the DNS to locate the services they need, the community must address security risks and other issues, they said.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
DNS abuse is defined as malware, botnets, phishing, pharming or spam that serves as a delivery mechanism for other forms of abuse, noted Jim Galvin, Afilias director-strategic relationships and technical standards. The FTC saw more than 103,000 coronavirus complaints January-June, with fraud losses of more than $68 million, said FTC Counsel-International Consumer Protection Laureen Kapin, co-chair of the ICANN Governmental Advisory Committee public safety working group, stressing the comments were hers. Cooperation among law enforcement agencies (LEAs), registrars and ICANN is working well, Kapin and others said.
Registries and registrars have only one blunt tool for tackling DNS abuse -- taking down the domain name from the DNS, said Galvin, representing the Registries Stakeholder Group. The COVID-19 pandemic showed limited DNS abuse, but lots of content abuse, which site operators, registrants and hosting providers must handle, not registries, he said. Registrars didn't have a material amount of DNS abuse during the pandemic but many COVID-related registrations, said Tucows Information Specialist Graeme Bunton.
End-users still face challenges, said Innovators Network Foundation Executive Director Jonathan Zuck, speaking for the At-Large Advisory Committee. He cited a phishing attack in Italy where emails allegedly from the World Health Organization listed a fake doctor and, when opened, installed malware. DNS abuse is steadily growing, said Mason Cole for the ICANN Commercial Stakeholder Group. The "exacerbating problem" is that ICANN doesn't have the tools it needs to combat the behavior of rogue registrars, he said.
ICANN's Security and Stability Advisory Committee (SSAC) wants more progress in evidentiary standards that show such abuse, said iThreat CEO Jeff Bedser. He wants a more standardized approach to abuse reporting. Public Interest Registry General Counsel Brian Cimbolic, speaking for the Registry Stakeholder Group, said PIR uses a "quality performance index" to give financial incentives to registrars with "good" registration patterns. The FTC's Kapin backed incentives to encourage good behavior and a "no fly list" for registrants that repeatedly engage in abusive behavior. Whatever obligations stakeholders reach consensus on, unless clearly written and understood, "they will be unenforceable" said ICANN Chief Technology Officer David Conrad.
Stakeholders are also trying to assess ICANN's role in the DNS/IoT arena. Key questions are how the IoT differs from the traditional interaction of internet applications and the ICANN community's role in the space, they said. IoT security is "a major challenge," said Cristian Hesselman, director of labs for SIDN, which manages the Netherlands country-code top-level domain, and an SSAC member. A May 28, 2019, report (105) on the DNS and IoT said using the two systems could cut the risk of users being profiled and of IoT devices being redirected, particularly if DNS requests are encrypted. But the influx of traffic from IoT devices could risk distributed denial-of-service attacks and more-complex attacks by IoT botnets, he said.
5G will benefit the IoT and DNS, said European Telecommunications Network Operators' Association Director General Lise Fuhr. The core network level will see much more software, making it easier to work with machine-type communications. Network slicing will be important for security because it will define portions of the network for specific uses; and the use of artificial intelligence will optimize operators' networks, which can help locate threats faster, she said. But there are many open questions from the telco perspective, she said: Infrastructure is expensive, the IoT business case isn't strong, and more investment is needed.
The ICANN meeting ends Thursday.