The Domain Name System Facilitation Initiative - Technical Study Group (DSFI-TSG) was formed by the ICANN President and CEO, Göran Marby, to investigate mechanisms to strengthen collaboration and communication on security and stability issues.
While malicious attacks using the domain name system have been happening for many years, these attacks have become increasingly dangerous, more sophisticated, and often involve well-resourced perpetrators.
ICANN has the responsibility to protect the Domain Name System (DNS) and the billions of people who use it every day. The DSFI-TSG was established to explore ideas around what ICANN can and should be doing to increase the level of collaboration and engagement with DNS ecosystem stakeholders to improve the security profile of the DNS.
Attacks on the Domain Name System (DNS) rarely impact only one actor in the Internet ecosystem. With significant recent attacks such as the Sea Turtle hijacking and the DNSpionage, the ICANN President and CEO saw an urgent need to come together and respond. The solution, or solutions, that would best improve the security and stability of the DNS ecosystem are not yet clear. However, it is clear that a new level of collaboration and understanding is required.
Members were invited to participate based on their personal skill and expertise and not as representatives on their employer or other organizations. However, many of the members have affiliations with organizations within the DNS and Security industries.
Merike Käo, Security & Stability Advisory Committee (SSAC) Liaison to the ICANN Board and Chief Security Strategist for Double Shot Security, was asked to serve as coordinator for this group. She is well-qualified for the role, having more than 25 years of experience in leading and developing global security initiatives and enabling interdisciplinary cooperation.
The nine-member group, composed of experts in DNS standards, and operational security incident response handling as well as in-depth security operations, have been asked to explore ideas around what ICANN can and should be doing to increase the level of collaboration and engagement with DNS ecosystem stakeholders to improve the security profile for the DNS. All members have direct experience handling cybercrime and security incidents.
The TSG is supported by a Steering Committee, led by Göran Marby, and made up of members of the Board of Directors and the ICANN Org Executive Team. Also supporting the group are ICANN org staff.
The DSFI-TSG will work to build a comprehensive set of recommendations for what ICANN should – and should not – do to establish and promote best practices, facilitate communications between ecosystem participants, and implement processes to help the community handle threats to the DNS.
The group is structuring the development of its recommendations around five key questions:
- What are the mechanisms or functions currently available that address DNS security?
- Can we identify the most critical gaps in the current DNS security landscape?
- Who is best suited to fill those gaps?
- What are the risks associated with these gaps that may not be well understood?
- Does the DNS have unique characteristics that attract security problems, which other Internet services don’t have?
The DSFI-TSG Charter and Scoping document can be found here.
The charter of the DSFI-TSG is in line with ICANN’s FY21-FY25 Strategic Plan:
- Strategic Objective: Improve the shared responsibility for upholding the security and stability of the Domain Name System (DNS) by strengthening DNS coordination in partnership with relevant stakeholders.
- Strategic Objective: Support and grow active, informed and effective stakeholder participation (specifically in discussions related to security and stability).
It is also one of the goals that the ICANN Board has set for the President and CEO.
Upon completion of the DSFI-TSG’s work, the community will have the opportunity to review its recommendations.
Once the final recommendations have been published, they will be presented to the ICANN President and CEO for consideration.
The DSFI-TSG meetings are not recorded due to the sensitive nature of the materials and subject matter being discussed. However, meeting notes are published on the Wiki page.
The topic of DNS abuse is separate from the work that the TSG is undertaking. Rather, the DSFI-TSG is focusing on the much broader topic of DNS Security.