Public Comment

Public Comment is a vital part of our multistakeholder model. It provides a mechanism for stakeholders to have their opinions and recommendations formally and publicly documented. It is an opportunity for the ICANN community to effect change and improve policies and operations.


Name: Julius Kirimi
Date: 4 Jul 2023
Affiliation: AFRALO
Other Comments

Definition of terms.

gTLD owner: Any individual or organisation that has leased or owns a gTLD.

I agree that gTLDs are most susceptible to attacks due to their seamless acceptance and trust gained from citizens and governments. As a core backbone of the domain systems, attackers may not cause damage to gTLDs but use these domains as a medium to facilitate attacks. Hackers no longer use lengthy strings of domains and unreadable characters to lure victims, as such will cause suspicion due to increased end user training and capacity building on internet technologies. As thus mentioned, attackers constantly seek to conduct reconnaissance using trusted gTLDs and HTTPS-enabled gTLDs. This technical level of impersonation has lured many internet users into trusting sites, unaware of the consequences. As such, it is critical to look into this from the COBIT (Control Objectives in Business Information Technology) perspective. Each process needs to be managed with clear goals and established implementation methodologies to enhance accountability at both the technology level and the people level.


It is crucial to hold everyone in the gTLD chain accountable for a specific role and purpose. Below is an approach for such a model.

Ownership/ assets

Every company or organisation has to clearly understand and document the gTLDs they are in possession of regardless of their state. Here, state refers to those in active or inactive mode, in use or expired/ terminated.

Monitoring

Every organisation owning a gTLD must implement a process, hereby referred to as a technology process, to monitor the assets, hereby referred to as gTLDs, they are in possession of in their environments. Each abuse needs to be monitored separately and proper remediation methods implemented as per SLA.

Risk management

gTLD owners must conduct risk assessment and formulate risk owners and their roles. As part of this, all identified risks must be corrected and a report provided in a timely manner. The risks and abuse outlined in the advisory must have distinct mitigation measures and reporting tools.

Reporting

gTLD owners must report in a transparent way to ICANN first and then to the public, indicating issues and remediation or mitigation measures applied to manage the risk. On the other hand, all internet users need to be allowed to report anonymously, and in cases where their data is required, clear data regulations must be applied.


As the advisory has covered these in a high-level view, it is crucial for technology owners to clearly and in detail implement the proposed measures against risks identified.


Summary of Attachment


Summary of Submission

The concept of DNS abuse is broad. DNS abuse facilitates cyber attacks and as such everyone in the DNS chain must be accountable. Thus foresaid, a clear model needs to be implemented to manage DNS processes as gTLDs are used as the first asset to conduct cyber crime.