Many problem-solving processes say that to solve a problem, the first step is to accurately define it. The International Trademark Association (INTA) did just that earlier this year when they announced their board of directors adopted a resolution whereby they defined domain name system (DNS) abuse with the help of their constituents. One of the experts that helped INTA define DNS abuse was a CSC colleague of mine, Vincent D’Angelo, who served as sub-committee chairperson for the DNS Abuse & Cybersecurity sub-committee at INTA. I’m proud to say there were multiple references to CSC’s digital brand abuse insights within the resolution, as CSC proudly advocates for a better way to fight cybercriminals.
INTA’s resolution specified that DNS abuse includes “any activity that makes, or intends to make, use of domain names, the [DNS] protocol, or any digital identifiers that are similar in form or function to domain names to carry out deceptive, malicious, or illegal activity.” According to INTA, this definition showcases DNS abuse as a threat to global enterprises and consumers—often involving the misuse of brands, trademarks, and related IP—the resolution fine tunes the definition to clarify the concept within the private sector, provide protections for consumers and brand owners, account for emerging technologies, and advance a standard definition which allows brand owners to protect their brands when they’re targeted.
Fraudsters use malicious domains (e.g., homoglyphs or confusingly similarly named domains or subdomains) and email spoofing to commit fraud and intellectual property abuse—and at some point, we have to ask ourselves why this is so easy to do. Both CSC and INTA welcome other companies to join in support of INTA’s resolution.
The more we all coalesce around a common definition, the better chance we have to take meaningful action to curb this internet plague of DNS abuse. There’s no silver bullet here, and mitigating DNS abuse is not any one stakeholder or group’s responsibility. It will take governments, advocacy groups, policy-making bodies, security professionals, and private sector entities—among others, to move their focus from defining the problem to taking urgent action against the problem within their sphere of influence. From higher standards and increased compliance1 in top-level domains, to increased government regulation mandating domain security controls to cybersecurity insurance underwriters baking in enterprise-class best practices for DNS hygiene into premium decisions, there must be a multi-pronged, multi-stakeholder approach to make a real impact.
To help build awareness and advocate for the INTA definition of DNS abuse, contact us using this form to let us know of your interest.
1 For example, “DNS Abuse: A Litmus Test for ICANN,” Circle ID, Bertrand de La Chapelle, executive director, Internet and Jurisdiction Policy Network, June 14, 2023. https://circleid.com/posts/20230614-dns-abuse-a-litmus-test-for-icann