+ - Notes
Action: Figure out where this fits in the methodology
This doesn't belong in the threat tree, it belongs to every threat we identify -- include in the summary materials
Olivier -- I did not suggest to evaluate it at every branch -- i just wanted to put on the record that perception would play a big role even though technical impact might be small
Nature of impact
Major vs minor zone - -- perhaps use a force-ranking by number of domains in the zone -- Top 10? or amount of traffic?)
Not *everybody* in these categories will be affected but the impact is substantial for those who are
In cases of wide-ranging effects there are pockets of non-impact -- but a large majority will be effected
In cases of limited effects there are pockets of impact -- but a large majority will not be effected
Our focus as a WG is on wide-ranging effects on "The DNS" as a whole, rather than narrower events (which still have severe impact on those who are affected)
Who is impacted
Likelihood assessments are preliminary and will be revisited when we touch the "controls" part of the analysis
+ - template
Threat source - configuration errors by privileged users
+ - "Major" zone (COM/NET/UK/DE/Etc.
+ - "Lesser" zone (that is not outsourced to a major provider)
+ - Root zone -- an individual administrator changes, and publishes, the contents of the root zone file (something that they "shouldn't" control)
+ - 10 -- sweeping, involving almost all of the cyber resources of the DNS
+ - 8 -- extensive, involving most of the cyber resources of the DNS
+ - 5 --wide-ranging, involving a significant portion of the cyber resources of the DNS
+ - 3 --limited, involving some of the cyber resources of the DNS
+ - 1 -- minimal, involving few if any of the cyber resources of the DNS
Note -- the impact statement depends on how close the cache is to the user -- the closer to the user, the more dramatic the effect
+ - Root zone -- an individual administrator changes an operational parameter that removes the zone from being published or publishes it incorrectly
+ - 10 -- Confirmed -- Seen by the organization
8 -- Expected -- Seen by the organization's peers or partners
5 -- Anticipated -- Reported by a trusted source
3 -- Predicted -- Predicted by a trusted source
1 -- Possible -- Described by a somewhat credible source
0 -- N/A -- Not currently applicable
Note -- varies with configuration -- eg anycast, unitcast
Note - Technical requirements for authoritative name servers https://www.iana.org/procedures/nameserver-requirements.html
+ - Root zone -- in the IANA zone file
+ - "Major" DNSSEC provider (somebody who does DNS services, eg DynDNS, NeuStar, large businesses, etc) -- localized to the community served by that provider.
+ - DNSSEC for a TLD zone
+ - Critical DNS support files (e.g.: Hints, which are distributed with resolvers and can become stale; Root-servers.net -- the zone where all the root servers are listed; Roots public key; Resolver configuration files)
+ - A registry administrator misconfigures provisioning systems between registries and registrars (the result being that registrars can't add/change/delete zones from the TLD) -- EPP is one way to do that, but there are others
+ - Threat source - business failure of key provider
Disrupts a "major" zone file (.COM/.NET/.UK/.DE etc.) |
Disrupts a "lesser" zone file (that is not outsourced to a major provider) |
Root zone -- is published incorrectly |
Root zone -- is not published |
Disrupts the IANA zone file |
Disrupts DNSSEC from a "Major" DNSSEC provider |
Disrupts DNSSEC for a TLD zone |
Disrupts Critical DNS support files |
Disrupts provisioning systems between registries and registrars (the result being that registrars can't add/change/delete zones from the TLD) |
Threat source - nation state -- interventions with accidental or unintended consequences -- tentative disposition, remove
Threat source - key hardware failure (storage, processing, network
Threat source - key networking or operating-system software failure
Threat source - mission-specific software failure (WHOIS, EPP/RPP/billing)
Threat source - root scaling impacts
Threat source - natural disaster
Threat source - widespread telecommunications infrastructure failure
Threat source - widespread power infrastructure failure