Feeds

ICANN board member berates 'woefully unprepared' DHS

New entity needed for cybersecurity, she argues

Top 5 reasons to deploy VMware with Tegile

Amid the outcry over allegations that the Department of Homeland Security (DHS) wants the security keys to the DNSSEC encryption technology slowly – very slowly – being adopted by internet overlord ICANN, one ICANN board member, the refreshingly candid Susan Crawford, has recently taken her own swipe at security standards in place at the DHS.

According to Crawford, the DHS is woefully unprepared for what lies ahead. She noted at a recent conference that ICANN’s major security concern after the Distributed Denial of Service (DDoS) attack on six of the internet’s root servers in February has been a repeat of the incident powerful enough to cause a is a massive virtual blackout.

Although the alleged power grab by DHS has gotten all the headlines, the security keys - still are not actually in use - wouldn’t provide the DHS with any information it does not already have access to. How the DHS would respond to a massive DDoS attack that succeeded in shutting down large chunks of the internet is another matter entirely.

According to Crawford the DHS has a long way to go. "From the outside, it looks as if [DHS] doesn't really know what it's doing," she said. "They're trying, but many of their efforts lack timeframes for completion." Other problems, such as a high turnover rate among senior officials at DHS, have had an impact, but there seems to be a general failure of imagination at the agency. Crawford has been advocating the creation of a new internet governance group to tackle the problem.

As she stated in her blog last week, “All of the internet governance models we have right now have strengths and weaknesses. For responses to problems like DDoS attacks, we'd need a forum for discussion that has (1) the non-mandatory merit-based processes of IETF, including real industry involvement leading to substantial market pressure, (2) the globalness of IGF, (3) the agility of a private group, and (4) the clear voice of leadership that can be provided by government involvement. And we'd need to avoid the problems that all of these fora have.”

Sher went on, “To prevent future attacks, we'll need to prevent machines from being turned into zombies that can be directed at targets. That's a big task that requires coordination among many hardware manufacturers and operating system designers. It can't be mandatory, this coordination, because that won't necessarily lead to the right set of solutions -- but it can be agile, global, and well-led.”

With Greg Garcia, formerly vice president at the Information Technology Association of America, now cyber-security czar at the DHS, the time could be ripe for a change in focus at the lumbering agency. However, Crawford held out more hope for a new, more nimble group to take control. A new entity "with a new, friendly acronym" might be the best bet, she said. "None of the existing institutions will work."

She has a point. The notoriously ineffectual ICANN seems an unlikely agent to do the job because of its fear of confrontation and a general disinterest in policing cyberspace – even in a largely technical sphere that cuts to the core of ICANN’s mission, which is to protect the integrity and stability of the net itself.

She wants an ICANN-style multi-stakeholder entity that is not the ICANN we currently know and love. Of course, that begs the question of whether or not two ICANNs are really better than one. ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.