1 non-adversarial threat sources
1.1.1 Action: Figure out where this fits in the methodology
1.1.1.1 This doesn't belong in the threat tree, it belongs to every threat we identify -- include in the summary materials
1.1.1.2 Olivier -- I did not suggest to evaluate it at every branch -- I just wanted to put on the record that perception would play a big role even though technical impact might be small
1.1.2.1.1 Undermine confidence
1.1.2.1.1.1 in the companies
1.1.2.1.1.2 in the infrastructure itself
1.1.3 Not *everybody* in these categories will be affected but the impact is substantial for those who are
1.1.3.1 In cases of wide-ranging effects there are pockets of non-impact -- but a large majority will be affected
1.1.3.2 In cases of limited effects there are pockets of impact -- but a large majority will not be affected
1.1.3.3 Our focus as a WG is on wide-ranging effects on "The DNS" as a whole, rather than narrower events (which still have severe impact on those who are affected)
1.1.4.7 Providers of "The DNS"
1.1.5 Likelihood assessments are preliminary and will be revisited when we touch the "controls" part of the analysis
1.2.1.1.1 Range of impact
1.2.1.1.1.1 10 -- sweeping, involving almost all of the cyber resources of the DNS
1.2.1.1.1.2 8 -- extensive, involving most of the cyber resources of the DNS
1.2.1.1.1.3 5 -- wide-ranging, involving a significant portion of the cyber resources of the DNS
1.2.1.1.1.4 3 -- limited, involving some of the cyber resources of the DNS
1.2.1.1.1.5 1 -- minimal, involving few if any of the cyber resources of the DNS
1.2.1.1.2.1 10 -- Confirmed -- Seen by the organization
1.2.1.1.2.2 8 -- Expected -- Seen by the organization's peers or partners
1.2.1.1.2.3 5 -- Anticipated -- Reported by a trusted source
1.2.1.1.2.4 3 -- Predicted -- Predicted by a trusted source
1.2.1.1.2.5 1 -- Possible -- Described by a somewhat credible source
1.2.1.1.2.6 0 -- N/A -- Not currently applicable
1.3 Threat source - configuration errors by privileged users
1.3.1 "Major" zone (COM/NET/UK/DE/etc. -- perhaps use a force-ranking by number of domains in the zone -- Top 10? or amount of traffic?)
1.3.1.1.1 10 -- sweeping, involving almost all of the cyber resources of the DNS
1.3.1.1.2 8 -- extensive, involving most of the cyber resources of the DNS
1.3.1.1.3 5 -- wide-ranging, involving a significant portion of the cyber resources of the DNS
1.3.1.1.4 3 -- limited, involving some of the cyber resources of the DNS
1.3.1.1.5 1 -- minimal, involving few if any of the cyber resources of the DNS
1.3.1.2.1 10 -- Confirmed
1.3.1.2.3 5 -- Anticipated
1.3.1.2.6 0 -- N/A -- Not currently applicable
1.3.1.3.1 10 -- Confirmed
1.3.1.3.3 5 -- Anticipated
1.3.1.3.6 0 -- N/A -- Not currently applicable
1.3.2 "Lesser" zone (that is not outsourced to a major provider)
1.3.2.1.1 10 -- sweeping, involving almost all of the cyber resources of the DNS
1.3.2.1.2 8 -- extensive, involving most of the cyber resources of the DNS
1.3.2.1.3 5 -- wide-ranging, involving a significant portion of the cyber resources of the DNS
1.3.2.1.4 3 -- limited, involving some of the cyber resources of the DNS
1.3.2.1.5 1 -- minimal, involving few if any of the cyber resources of the DNS
1.3.2.2.1 10 -- Confirmed
1.3.2.2.3 5 -- Anticipated
1.3.2.2.6 0 -- N/A -- Not currently applicable
1.3.2.3.1 10 -- Confirmed
1.3.2.3.3 5 -- Anticipated
1.3.2.3.6 0 -- N/A -- Not currently applicable
1.3.3 Root zone -- an individual administrator changes, and publishes, the contents of the root zone file (something that they "shouldn't" control)
1.3.3.1.1 10 -- sweeping, involving almost all of the cyber resources of the DNS
1.3.3.1.2 8 -- extensive, involving most of the cyber resources of the DNS
1.3.3.1.3 5 -- wide-ranging, involving a significant portion of the cyber resources of the DNS
1.3.3.1.4 3 -- limited, involving some of the cyber resources of the DNS
1.3.3.1.5 1 -- minimal, involving few if any of the cyber resources of the DNS
1.3.3.1.6 Note -- the impact statement depends on how close the cache is to the user -- the closer to the user, the more dramatic the effect
1.3.3.2.1 10 -- Confirmed -- Seen by the organization
1.3.3.2.2 8 -- Expected -- Seen by the organization's peers or partners
1.3.3.2.3 5 -- Anticipated -- Reported by a trusted source
1.3.3.2.4 3 -- Predicted -- Predicted by a trusted source
1.3.3.2.5 1 -- Possible -- Described by a somewhat credible source
1.3.3.2.6 0 -- N/A -- Not currently applicable
1.3.3.3.1 10 -- Confirmed
1.3.3.3.3 5 -- Anticipated
1.3.3.3.6 0 -- N/A -- Not currently applicable
1.3.4 Root zone -- an individual administrator changes an operational parameter that removes the zone from being published or publishes it incorrectly
1.3.4.1.1 10 -- sweeping, involving almost all of the cyber resources of the DNS
1.3.4.1.2 8 -- extensive, involving most of the cyber resources of the DNS
1.3.4.1.3 5 -- wide-ranging, involving a significant portion of the cyber resources of the DNS
1.3.4.1.4 3 -- limited, involving some of the cyber resources of the DNS
1.3.4.1.5 1 -- minimal, involving few if any of the cyber resources of the DNS
1.3.4.2.1 10 -- Confirmed -- Seen by the organization
1.3.4.2.2 8 -- Expected -- Seen by the organization's peers or partners
1.3.4.2.3 5 -- Anticipated -- Reported by a trusted source
1.3.4.2.4 3 -- Predicted -- Predicted by a trusted source
1.3.4.2.5 1 -- Possible -- Described by a somewhat credible source
1.3.4.2.6 0 -- N/A -- Not currently applicable
1.3.4.2.7 Note -- varies with configuration -- e.g. anycast, unicast
1.3.4.2.8 Note - Technical requirements for authoritative name servers https://www.iana.org/procedures/nameserver-requirements.html
1.3.4.3.1 10 -- Confirmed
1.3.4.3.3 5 -- Anticipated
1.3.4.3.6 0 -- N/A -- Not currently applicable
1.3.5 Root zone -- in the IANA zone file
1.3.5.1.1 10 -- sweeping, involving almost all of the cyber resources of the DNS
1.3.5.1.2 8 -- extensive, involving most of the cyber resources of the DNS
1.3.5.1.3 5 -- wide-ranging, involving a significant portion of the cyber resources of the DNS
1.3.5.1.4 3 -- limited, involving some of the cyber resources of the DNS
1.3.5.1.5 1 -- minimal, involving few if any of the cyber resources of the DNS
1.3.5.2.1 10 -- Confirmed -- Seen by the organization
1.3.5.2.2 8 -- Expected -- Seen by the organization's peers or partners
1.3.5.2.3 5 -- Anticipated -- Reported by a trusted source
1.3.5.2.4 3 -- Predicted -- Predicted by a trusted source
1.3.5.2.5 1 -- Possible -- Described by a somewhat credible source
1.3.5.2.6 0 -- N/A -- Not currently applicable
1.3.5.3.1 10 -- Confirmed
1.3.5.3.3 5 -- Anticipated
1.3.5.3.6 0 -- N/A -- Not currently applicable
1.3.6 "Major" DNSSEC provider (eg??)
1.3.6.1.1 10 -- sweeping, involving almost all of the cyber resources of the DNS
1.3.6.1.2 8 -- extensive, involving most of the cyber resources of the DNS
1.3.6.1.3 5 -- wide-ranging, involving a significant portion of the cyber resources of the DNS
1.3.6.1.4 3 -- limited, involving some of the cyber resources of the DNS
1.3.6.1.5 1 -- minimal, involving few if any of the cyber resources of the DNS
1.3.6.2 Relevance to the organization
1.3.6.2.1 10 -- Confirmed -- Seen by the organization
1.3.6.2.2 8 -- Expected -- Seen by the organization's peers or partners
1.3.6.2.3 5 -- Anticipated -- Reported by a trusted source
1.3.6.2.4 3 -- Predicted -- Predicted by a trusted source
1.3.6.2.5 1 -- Possible -- Described by a somewhat credible source
1.3.6.2.6 0 -- N/A -- Not currently applicable
1.4 Threat source - business failure of key provider
1.5 Threat source - nation state -- interventions with accidental or unintended consequences -- tentative disposition, remove
1.6 Threat source - key hardware failure (storage, processing, network)
1.7 Threat source - key networking or operating-system software failure
1.8 Threat source - mission-specific software failure (WHOIS, EPP/RPP/billing)
1.9 Threat source - root scaling impacts
1.10 Threat source - natural disaster
1.11 Threat source - widespread telecommunications infrastructure failure
1.12 Threat source - widespread power infrastructure failure
2 adversarial threat sources
2.1 adversarial threat source
2.1.1.6 Relevance to the organization