The Internet Corporation for Assigned Name and Numbers (ICANN) and the Taiwan Network Information Center (TWNIC) recently hosted their third “ICANN APAC-TWNIC Engagement Forum” discussing the nature of the internet as well as its goals in realizing public interest. Participants could attend the two-day forum in-person or virtually, during which three major issues of domain names, internet maintenance, and internet security were discussed. Experts highlighted areas for reflection and future development possibilities of the global internet as well as the role of local organizations in the internet ecosystem.
To welcome the annual event, Vinton Cerf, one of the fathers of the internet, expressed his gratitude to the participants in his opening speech, noting how “we know that the proper management of unique identifiers of the internet—domain names and IP addresses—are vital to the successful functioning of the internet. [Everyone’s efforts] are so much appreciated by all in the hope for the continued successful expansion of the internet, its access, and its utility. [There are many] issues arising now and with the use of this platform, I’m sure many of you will be thinking about that and trying to figure out how to make the internet a safer and more effective place in which to work.”
CSC’s Alban Kwan, regional director for East Asia, participated in three panel discussions with distinguished peers in the internet industry.
Domain name plenary: next round of new gTLD
The panelists shared their views on the current status and outlook of the next round of new gTLDs, providing practical advice, application perspectives, and future prospects.
There’s been growth in the adoption of new generic top-level domains (gTLDs) since its inception, and panelists shared various use cases by companies using a .BRAND. They noted that there’s a financial investment associated with .BRANDs that organizations need to factor in when considering the next round, yet there are significant long-term benefits when .BRANDs are used strategically and creatively.
Alban highlighted exclusivity, security, and creative marketing as some positives to owning a .BRAND. And he shared his observation about how the first round of .BRANDs were primarily driven by legal teams for brand protection reasons, but that in the next round of new gTLDs, more marketing and business stakeholders need to be involved in the early stages of planning and development to reap the full potential.
Security plenary: Jurisdiction on domain name abuse
The panel focused on security as a key issue in domain name abuse, with speakers representing registries, registrars, legal institutions, and the DNS Abuse Institute.
ICANN board member, Edmon Chung, shared how domain name system (DNS) abuse is not new, however it has gained greater awareness, and discussions have intensified in recent years. Data shows that security controls offered by registries, registrars, and those in the industry, do have a positive impact in mitigating these threats.
Alban outlined his experience on the challenges the corporate world faces in tackling DNS abuse more aggressively, as there is a lack of commercial drive to address the issues among competing business priorities. He introduced the Trusted Notifier as a means to increase efficiencies, as well as reduce cost and risk in addressing DNS abuse.
CERT/CC track: Cyber threat and vulnerability handling
This session focused on the practice and cases of network threats and vulnerability handling. The speakers presented various aspects of cyber threats from hacking activities observed in honeypots, abuse on the inter-network, and identifying the right time for threat disclosure through the Coordinated Vulnerability Disclosure (CVD) mechanism. The experts also provided strategies to deal with different threats, and presented applicable recommendations.
Alban shared the difference between the types of threats found in the network where mitigation is characterized by zero-trust vulnerability, compared to the threats found in the inter-network that is typically characterized by identity abuse carried out by hackers—such as domain spoofing, DNS hijacking, and phishing attacks—to carry out further attacks to inject malware or ransomware.
He recommends a defense-in-depth approach to secure your online identity, technology to monitor identity abuse, and an operational defense with legal and security teams.