DNS Abuse –malware, botnets, phishing, pharming, and spam – is a growing and ongoing global threat to every country’s national and economic security. In the last months, the DNS Abuse Institute has worked to bring together – both in public forums and individual meetings – leading experts to help guide the creation of a roadmap for combating abuse.
The resulting roadmap created by the DNS Abuse Institute, explained the Institute’s Director Graeme Bunton in a post on their website in mid-June, “is based on key pillars to combat DNS Abuse: education, collaboration, and innovation. These pillars are the framework through which the Institute has selected key initiatives that aim to reduce DNS abuse as quickly and efficiently as possible. The Institute recognizes that there are important practical realities to addressing DNS Abuse at the registry and registrar level, primarily the difficulty of implementing solutions that require the alteration of domain registration platforms, as well as ensuring that there are sufficient incentives to adopt new approaches.”
As Bunton explains, “DNS abuse impacts more than just registries and registrars, and combating abuse involves more than just mitigation. To that end, you’ll see the DNS Abuse Institute work across our communities to develop and distribute guides, primers, best practices, and webinars on DNS Abuse. These resources will be targeted towards registries and registrars for mitigating abuse, as well as law enforcement, businesses both large and small, intellectual property, Internet security, and end-users.”
“Innovation will start with research and understanding of the DNS Abuse landscape. The Institute needs to have the best data, research, and understanding of DNS Abuse. It needs to provide definitive analysis, as well as opportunities for others to conduct research. The Institute will also need to identify gaps in the DNS Abuse landscape and develop tools to bridge them.”
“The Institute’s initial programs are aligned around these initiatives:
- The Learn initiative will fulfill the educational mandate of the Institute. The Institute will produce educational content on a regular, consistent basis, resulting in the best DNS Abuse resource library available. This content will include best practices for registries and registrar to mitigate abuse, both preventatively and reactively and for law enforcement, intellectual property interests and end-users. The Institute will also gather and curate academic research, industry white papers and case studies.
- The Centralized Abuse Reporting Tool (CART) initiative is designed to rectify a gap: there are currently no industry standards on how to implement abuse reporting, what abuse may be reported, and where to report it. As such, there is a substantial amount of diversity in abuse reporting methods employed by registries and registrars, which can lead to unevidenced reports of abuse, often in duplicate, and frequently unactionable. These reports fill service queues and require a substantial amount of time and resources to triage. Stakeholders reporting abuse must identify exactly where and how to address abuse reports, across a myriad of registries and registrars with their own mechanism and evidence requirements. To solve these issues the DNS Abuse Institute will build a centralized abuse reporting tool.
- Through the DNS Abuse Intelligence initiative, the Institute will offer real-time understanding of the DNS Abuse landscape. The Institute intends to build its own DNS Abuse Intelligence platform to publish DNS Abuse statics by registrar, registry, and TLD, including both ccTLDs and gTLDs. The information will be based on evidenced data that measures persistence as well as existence and distinguishes between compromised websites and malicious registrations.
“Given the fluidity of DNS Abuse”, Bunton writes “the Institute’s roadmap will have to be both visionary and nimble. That means setting longer-term aggressive, but achievable, goals for the Institute, by which our success may be measured. But it also means constantly evaluating the abuse landscape and adapting to new issues and threats.”
To guide the Institute, there is a “a stellar Advisory Council made up of industry experts to provide insight, guidance, and criticism on Institute projects and initiatives. This Council is vital because given the work of the Institute has implications for the security of the entire Internet, for the business practices of registrars and registries both large and small, and for end-users around the world, it must be rooted in trust, transparency, and security.”
Bunton believes “this is an ambitious and bold agenda.”
“But it comes down to achieving three objective goals for the Institute: becoming the definitive source for DNS Abuse education and resources, serving a respected source for DNS Abuse intelligence, and developing innovations that are widely adopted and valued by the community.”
“It’s only by being bold that the Institute, and the greater industry, can truly combat DNS Abuse together.”
The institute has published their Roadmap here: https://dnsabuseinstitute.org/wp-content/uploads/2021/06/DNS-Abuse-Institute-Roadmap.pdf
Comments or feedback on the roadmap can be provided here: https://forms.gle/yMDcqFTJ8T4drG227
The full post by Graeme Bunton, Director of the DNS Abuse Institute, is available from https://dnsabuseinstitute.org/the-dns-abuse-institute-roadmap/