Dr. Steve Crocker Visits With Thai Prime Minister Yingluck Shinawatra In Bangkok, June 7 2013

Earlier this month, Dr. Stephen Crocker and I had the privilege of visiting Thailand’s capitol city, Bangkok.  We spent the week meeting with local Internet and business pioneers.

Our first official task was to attend an international conference for the newspaper industry. The combined World Newspaper Congress (65th), World Editors Forum (20th) and World Advertisers Forum (23rd) focuses on the news industry and, honestly, was not something I would traditionally expect myself attending. However when looking at the agenda and listening to talks, it became very apparent that this is an industry that finds itself at a pivotal point in its evolution. Understanding and embracing the modern online world was a central element of the conference. Dr. Crocker gave an on stage interview to Mr Pichai Chuensuksawadi, Editor-in-Chief of The Post Publishing Public Co. Ltd. The discussion was both enlightening and humorous. Apparently newspapers still print on materials made from trees, who knew?

The main event was the following day – a day of celebrations to commemorate Twenty-Five, yes Twenty-Five years since the founding of .TH. If you are in the business of making watches, baking bread, or producing other traditional staples of society, then a quarter of a century may seem like a relatively short period of time. However in Internet years, Twenty-Five is pretty historic.  It was a pleasure to sit back and listen to congratulations pour in to .TH from around the globe. I was personally very pleased to have been on the invite list. It is a great honor to know and work with people who pioneered the Internet in Thailand and who also have been long time advocates for the Internet way of doing things.

.TH has evolved from being run out of the Asia Institute of Technology (AIT) to today’s non-profit .THNIC, which is an industry leader in the region. My first interactions with AIT go back to their hosting of training sessions for their fellow ccTLDs at AIT’s Interlab, sharing their knowledge and hospitality as only they know how.  Dr. Crocker and I made a trip out to AIT to see how Interlab has faired since the floods of a couple of years ago.  We were pleased to see that they are back on their feet, although still rebuilding, and once again offering training to others in the region. We also got to see some of the really cool projects that Interlab and THNIC are working on in the realm of using networking to aid disaster recovery.

THNIC also has the distinction of being the first ccTLD in the region to sign their zone with DNSSEC!

In the evening, Pichai hosted another chat, this time including both Steve Crocker and Vint Cerf, who joined via video. As always, it was fascinating listening to them recount the early days of the Arpanet and how they have seen the world change since.

The final day of Dr Crocker’s visit included opening a DNSSEC training session, provided by NLNetLabs and the Network Startup Resource Center which focused on the importance of DNSSEC with decision makers and included multiple days of hands on training for administrators.

The trip wrapped up with a visit to the offices of the Thai Prime Minister, Yingluck Shinawarra, where we were accompanied by Olaf Kolkman (NLNetlabs), Khun Kanchana Kanchanasut (AIT/THNIC Foundation), Pensri Arunwatanamongkol (THNIC Foundation) and Dr. Thaweesak (NSTDA). The Prime Minister was very well versed in matters of technology and interested in Thailand’s participation in ICANN as well as various matters relating to the growth of the Internet.

All in all, a very interesting visit to one of Asia’s great cities.

A big thank you, Kop Khun Ma Krup, to our hosts at .THNIC

To handle the tremendous increase in scale resulting from the New gTLD Program, and to ensure ICANN’s operational excellence, I am creating a new division that will be called the Generic Domains Division (GDD). Akram Atallah, who is currently the Chief Operating Officer (COO), will become divisional President of the GDD that will include gTLD Operations, DNS Industry Engagement, and Online Community Services.

Given Akram’s transition, I’m delighted to announce that Susanna Bennett, an accomplished financial and operational executive in technology services, will be joining us as the new COO. Susanna will help to deliver on ICANN’s agility, accountability and visibility that I discussed at ICANN 46 in Beijing.

To provide coherence and leadership of our technical resources, I am also creating a new position to manage Technical & Security Operations that will report directly to me. This is an important commitment to our mission and community, and we are very active in identifying candidates to fill this critical role.

Since becoming President and CEO in September of last year, and as I promised in Toronto at ICANN 45, I have made it a priority to internationalize ICANN so key functions and top leaders are spread around the world to accelerate effective and professional global management. I look forward to ICANN 47 in Durban, taking place soon on 14-18 July, where I will be able to introduce you to our new COO and expand on other significant organizational changes taking place that will help us to mature ICANN, reaffirm our commitment to the public interest and serve the growth of the Internet.

As followers of the Internet Governance agenda can appreciate, there was some trepidation in the lead up to this meeting given the issues that arose at the World Conference on International Telecommunications (WCIT) last December in Dubai and the fact that this event, unlike the WCIT, was actually supposed to be discussing IG issues! Would the WTPF, as some speculated, opine that governance of the Internet was the sole preserve of governments or that IP addressing should be in the hands of the ITU?

In fact, the outcome for those of us dedicated to, and passionate about, the multi-stakeholder approach was very reassuring. The six official Opinions adopted on such issues as Broadband, Internet Connectivity, Ipv6 transition and Enhanced Cooperation were very positive and really do acknowledge the fact that all parts of the community have a contribution to make to the development and governance of the Internet. You can read the WTPF results here.

Just as important as the outcome of the WTPF was the process that led up to it and how business was conducted in Geneva.

For the former, we had, in contrast to many multilateral meetings, a true multi-stakeholder process with governments, businesses, civil society and the technical community sitting alongside each other and contributing equally to the process of drafting these Opinions. As with ICANN, a sometimes messy process but one that secures real buy-in.

For the latter, the atmosphere in Geneva was excellent; set in tone by eloquent opening addresses by Fadi recalling, not least, how ICANN is evolving to meet global challenges, and Hamoudin Touré, the ITU Secretary General who, in emphasizing the need for us all to work peacefully, donned a blue helmet! But the tone also was set through a process where we all had a chance to contribute. True, we do not all agree with each other. That would be unnatural and rather boring. But we did show how through cooperation we could secure progress in ensuring global recognition of this social and economic transforming phenomenon.

And that was just the WTPF! It would not surprise anyone to learn that Fadi, Steve and others from the Board and Staff conducted over 20 bilateral meetings; took part in a briefing session with the WTO, had an excellent dialogue with Hamadoun Touré, and still had time to pose for a few photos.

What next? No rest for the wicked with further dialogue on Internet Governance issues coming up in the context of a UN Working Group on Enhanced Cooperation – basically how governments can properly engage in the context of their public policy role – and then the ITU Developmental Conference and the WSIS Review Sessions early in 2014.

There is plenty of work for the whole Community to do.

Left to right: Tarek Kamel, Fadi Chehadé, ITU Secretary
General Hamadoun Touré, Steve Crocker, Nigel Hickson

In response, we have conferred with those ICANN staff members who have the greatest expertise in the areas of the inquiries, in order to give thorough and accurate responses. Those responses have now been posted and can be found at http://beijing46.icann.org/meetings/beijing2013/presentation-public-forum-responses-11apr13-en.pdf [PDF, 101 KB].

As always, we welcome your questions and comments during Public Forum sessions. Internally, we on the Board are wrestling with a dilemma – Should we do what we have been doing, specifically, take your questions in the Public Forum then respond later (as we did this time) OR should we answer your questions immediately, if possible, at the Public Forum?

We evolved to the current system simply in an effort to afford more people, both those in the room and remote participants, the opportunity to ask more questions. However, some have argued that they would rather hear fewer questions and get immediate responses from the Board.

We would be interested in what you think, please send your comments to public_forum@icann.org.

I’m looking forward to hearing more of your questions and comments during the next Public Forum at our Durban meeting.

The proposed agreement is the result of several months of negotiations, formal community feedback, and meetings with various stakeholders and communities. Based on the community feedback during the ICANN 46 meeting in Beijing, ICANN and the Registry Agreement Negotiating Team maintained a consistent and swift pace to finalize the negotiations and bring the proposed terms into a final draft form, ready for community review and comment.

We have come a long way since February 2013 when we posted a proposed Revised New gTLD Registry Agreement for public comment. A new and highly spirited sense of mutual trust has catapulted us into a fresh atmosphere of collaboration, which in turn has led to a consistently more productive environment. The spirit of teamwork, productive dialogue and partnership that has underpinned this negotiation process is tremendously heartwarming, as it has allowed us to bring to fruition a robust contractual framework for the New gTLD Program.

On behalf of ICANN, I would like to sincerely thank the registry community for acting in good faith and with tremendous goodwill, making this last key step possible.

This particular session also marked the posting of the Proposed Final 2013 Registrar Accreditation Agreement (RAA) for which ICANN is seeking public comment. Getting to this stage, after eighteen months of intense negotiations, is a tremendous collective accomplishment and I would like to convey my sincere appreciation to the Registrar Negotiating Team for their significant contributions and collaborative dialogue throughout the process.

As part of the summit agenda, participants briefed each other on efforts to raise the profile of the DNS sector, provided status reports on various DNS initiatives, and delved into mechanisms that can be utilized to further demonstrate the value of the Internet. For instance, discussions centered on topics such as info graphics for depicting the domain name value chain; philanthropic vehicles to support DNS entrepreneurship in the developing world; industry conferences and consumer awareness forums; and proposals to codify ethical standards for DNS businesses. What I found to be particularly beneficial during our interactive brainstorming sessions were the perspectives and experiences of the ccTLD operators.

We emerged with a timeline for completing our work to be showcased to the broader community at ICANN 47 in Durban in July. I want to emphasize this work was conducted entirely by the CEOs, with ICANN serving as facilitator, and it was truly exciting to see this diverse group of leaders in action.

In addition, a sub-group of participants presented their plans to form a Domain Name Industry Association, entirely independent of ICANN, designed to further the interests of a range of organizations within the ever-evolving DNS sector.

During the latter part of our meeting, we focused on ICANN’s future through an interactive session, one of many conversations to take place in the coming months. As I explained in Beijing, we will begin a process in June toward creating a new vision and a five-year strategic plan for ICANN, and all stakeholders are invited to participate. More information: Video and Strategy Conversation.

I am extremely grateful to everyone who could be there, including ICANN Board Members Cherine Chalaby and Bruce Tonkin, and for their deep insights on how ICANN can continue to achieve its goal of becoming a mature, inclusive and efficient organization. ICANN’s Engagement Team is already at work organizing comparable events and is planning a CEO Roundtable for leaders from academia, civil society and nonprofits in the near future.

Our work, however, is only just beginning as we look ahead to the bright horizon. The New gTLD Program Timeline [PDF, 488 KB] is reflective of these important endeavors, and I remain invigorated by the forward steps that we are all achieving together.

DDoS attacks are serious problems. While ICANN’s role in mitigating these threats is limited, the Security Team offers these insights to raise awareness on how to report DDoS attacks

Distributed Denial of Service attacks have increased in scale, intensity and frequency. The wide range of motives for these attacks – political (hacktivism), criminal (coercion), or social (malice) – makes every merchant or organization with an online presence a potential target. The shared nature of the Internet infrastructure – whether hosting, DNS, or bandwidth – puts many merchants or organizations at risk of becoming collateral damage, as well. If you find that your site or organization is under attack, it’s important that you report such attacks quickly to parties that are best positioned to help you mitigate, weather, and restore normal service.

I’m under attack. What should I do? Whom should I call?

Any Internet service – web, DNS, Internet voice, mail – can be the target of a DDoS attack. If your organization uses a hosting provider for a service that is attacked, first contact the hosting provider. If your organization hosts the network or Internet service that is under attack, first take measures to contain or dampen the attack. Next, call the service provider that provides Internet access for your network. Most hosting providers and ISPs post emergency contacts on their web sites and many include at least general contact numbers on bills. If you only have a general contact number, explain that you are under attack and ask the customer care agent to escalate (forward) your call to operations staff with the ability and authority to investigate.

Helping Hands

Traffic associated with a single DDoS attacks may originate from hundreds or thousands of attack sources (typically compromised PC or servers). In many cases, your hosting provider or your Internet access provider should act on your behalf (and in self-interest). They will contact “upstream” providers and the ISPs that route traffic from the DDoS attack sources to notify these operators of the nature and suspected origins of the attack. These operators will investigate and will typically revoke routes or take other measures to squelch or discard traffic close to the source.

If you cannot find contacts, or if the contacts you find are unresponsive, try contacting a Computer Incident, Emergency, or Security Incident Response Team (CERT/CIRT/CSIRT), or a Trusted Introducer (TI) team. CERT/CIRT organizations (find a national list here) or TI teams will investigate an attack, notify and share information with hosting providers or ISPs whose resources are being used to conduct the attack, and work with all affected parties to coordinate an effective mitigation.

Should I contact Law Enforcement?

Contact your national law enforcement agency if you believe that a crime is being committed; for example, you should contact law enforcement if your organization received a threat prior to the attack, or received a demand for money in return for not being attacked, or if you believe that critical infrastructure or delivery of a critical service (such as Emergency 911) is threatened.

Contact law enforcement to report a crime, not to mitigate an attack. DDoS attacks are criminal acts in many jurisdictions. By filing a report, you and other victims provide valuable information that may be relevant in any subsequent investigation or prosecution of the attackers.

Provide Good Intel

At an operational level, you, your hosting provider or ISP should gather as much information related to the attack as possible. The Operations Security Trust Forum recommends collecting the following kinds information:

1. Provide as much time information as possible: identify the start of attack, end of attack, whether the attacks are repeated, and whether there are observable patterns or cycles to the attacks.
2. Share any insights or suspicions you have regarding the nature of the attack. Does it appear to correlate with a geo-political event? Did you receive threatening correspondence prior to or during the attack and if so, what was the nature of the threat?
3. Provide detailed traffic information including: type of traffic (ICMP, DNS, TCP, UDP, application), source and targeted IP addresses and port numbers, packet rate, packet size, and bandwidth consumed by the attack traffic.
4. Describe any unique traffic or packet characteristics you observe. Is the attack targeting a particular virtual host or domain? What have you observed from application protocol headers? Have you observed any unusual patterns of flag settings in underlying protocols (TCP, UDP, ICMP, IP)?
5. Identify any changes you observe in the attack over time (i.e., to packet sizes, rates, unique IPs seen per epoch, protocols, etc.). These may be indications that the attacker is reacting to mitigation efforts you or others have implemented.
6. Provide your assessment of the impact; for example, explain whether you are managing the attack using mitigations and assistance, or that your services or performance is {moderately, severely} affected, or that your services have been disrupted entirely.

Don’t Wait Until You Are a Victim

If you have not already prepared a plan to respond to a DDoS attack, please consider doing so. The article Preparing for the (Inevitable) DDOS Attack offers a checklist of contacts, information, and mitigation strategies. Some helpful resources to better understand different kinds of DDoS Attacks, mitigation techniques and how your organization can help reduce the overall threat of these attacks are included below:

• SAC004, Securing The Edge
• SAC008, DNS Distributed Denial of Service (DDoS) Attacks [PDF, 963 KB]
• BCP 38, Network Ingress Filtering
• BCP 140, Preventing Use of Recursive Nameservers in Reflector Attacks
• Protecting the World from YOUR Network
• Mitigating DNS Denial of Service Attacks
• The Worrisome Threat of DNS DDoS Amplification Attacks
• Do More to Prevent DDoS Attacks
• Firewall Best Practices – Egress Traffic Filtering
• Distributed Denial of Service (Attacks/Tools)

As you know, on 7 March, we posted a draft of the 2013 RAA for public comment noting the outstanding differences remaining in the negotiations at that time. Differences that have since been reconciled through many additional hours of meeting and dialogue. ICANN and the Registrar Negotiating Team considered as part of the negotiations the public comments received and resolved all the remaining issues and differences. Now the ICANN community is able to review this final draft before it is approved and adopted. And so, we are posting the final draft of the 2013 RAA for public comment.

I must say that I am extremely delighted with the new spirit of partnership that has evolved between ICANN and the registrar community as a whole. On behalf of ICANN, I would like to express my sincere gratitude to the members of the Registrar Negotiating Team for their tireless efforts and spirited attitudes in getting us to the finish line. A few of them have offered their own reflections on the process and the Agreement.

Matt Serlin, Chair of the Registrar Stakeholder Group:

“On behalf of the entire Registrar Negotiating Team, I am pleased to see negotiations on the 2013 RAA have come to a conclusion after a long process in which both parties worked long and hard to resolve difficult issues. The outcome of these discussions is a new RAA which will be impactful for everyone involved in the DNS industry including every ICANN accredited registrar. We look forward to continuing to work with ICANN as we now move from the negotiations phase to implementing the numerous new requirements contained in the 2013 RAA.”

James Bladel, GoDaddy.com:

“The new 2013 RAA represents over a year’s work between registrars and ICANN Staff, and is an important milestone in the development of the DNS ecosystem. It raises the bar for service providers, provides new tools for law enforcement, and gives registrars long-term stability in their relationship with ICANN.”

Volker Greimann, Key-Systems Group:

“ICANN and the registrars negotiation teams have worked long and hard towards the completion of a 2013 RAA to address the difficult issues put before us. Despite complicated issues, sometimes moving goalposts and further complications were able to conclude the negotiations with a result that we hope will be a great step ahead for the community. I am especially pleased that the negotiated 2013 RAA recognizes the need for fair and balanced exemption process where applicable law prohibits the direct implementation of certain terms within new requirements, such as the data retention specification.”

Rob Hall, Momentous.com:

“It isn’t just the new RAA that is significant, it is the collaborative way it was created.  Those of us who participated saw the dawn of a new day at ICANN, one where getting things done for the community as a whole takes precedence over any single concern.”

In the Security team [https://www.icann.org/security], we see this technical engagement with the community as a key part of delivering on ICANN’s mission to facilitate the security, stability and resiliency of the Internet’s unique identifier systems through coordination and collaboration.

We do this with community partners across the globe, at the request of operators and universities in the Caribbean and the Middle East, in Africa, Asia-Pacific and South America. We have increasing interest among the law enforcement community for this training. The Security team recently conducted DNS training at Europol, at the International Criminal Law Network in the Netherlands, and with other agencies in the United Kingdom. We are exploring opportunities with the Commonwealth Cybercrime Initiative, and have upcoming DNSSEC training in Tunis, Tunisia next week.

The community has an opportunity to tell us what you think of this training, and on ICANN’s security activities by commenting on the FY 14 Security, Stability and Resiliency Framework. The document has been translated into 7 languages, and is open for comment through 20 April 2013 (with a reply comment period to 20 May 2013, 23:59 UTC). Please take some time to read this document, and provide comments.

Here is some testimony from Rick Lamb, one of our team members and a lead on DNSSEC adoption and engagement:

I consider myself fortunate to be able to participate in this space, following in the footsteps (and the beneficiary of the experience pool) of other seasoned ICANN trainers.

Although I have taught in the past, I had forgotten about the heady mixture of fear, happiness and exhilaration that comes from interacting with a classroom full of intelligent, interested students. After typically spending the better part of an intense week together, trusted relationships are forged, giving the students not just technical knowledge, but a sense of being part of the larger Internet community. These relationships clearly benefit everyone involved.

I know that these are familiar sensations for my seasoned colleagues, but I think that sometimes we should be reminded about the not-so-obvious value of training efforts and the importance of these personal interactions toward building and maintaining the international network of trust that keeps the international network we call the Internet running.

Dr. Richard Lamb
Sr. Program Manager, DNSSEC, ICANN

If you are interested in more information on these trainings, our partners at NSRC maintain excellent wiki pages providing past training agendas and materials. An example from the Lebanon training can be found at https://nsrc.org/workshops/2013/nsrc-isoclb-dnssec/.

Photo Credit – Phil Regnauld, NSRC

Photo Credit – Phil Regnauld, NSRC