PIR Launches DNS Abuse Institute To Protect Internet Users From Scourge of DNS Abuse

Public Interest Registry announced Wednesday the launch of the DNS Abuse Institute as part of its ongoing efforts to protect Internet users from the threat of DNS Abuse such as malware, botnets, phishing, pharming and spam.

Domain Name System (DNS) Abuse is, as described by ICANN on their DNS Abuse Mitigation page, malicious activity that “routinely threatens and affects domain name registrants and end-users by leveraging vulnerabilities and features of all aspects of the Internet and DNS ecosystems (protocols, computer systems, domain registration processes, users, etc). When at scale, some of these nefarious activities may threaten the security, stability and resiliency of the DNS infrastructures.”

Abusers can create huge volumes of traffic that result in DNS servers crashing, disrupting the ability of internet users to use the internet. Explaining why DNS abuse is relatively easy, ThreatPost explained in 2019 “the DNS standard was created in the early 1980s, before security was something that people really thought about (SSL 2.0 wasn’t published until 1995). Additionally, cryptographic keys and encryption were very expensive for the underpowered devices of the past millennium to handle.”

“Unfortunately, much has remained the same for DNS since the beginning. New standards have been created to combat DNS abuse, but implementation of these standards has been slow.”

The DNS Abuse Institute will bring together leaders in the anti-abuse space to fund research, publish recommended practices, share data, and provide tools to identify and report DNS Abuse. Graeme Bunton, who has more than a decade of experience working in the DNS and DNS Abuse policy, will serve as the DNS Abuse Institute’s inaugural director. Bunton until recently was an Information Specialist at Tucows, where he worked for 10 years, working in business intelligence, analytics, and reporting.

“The stability and security of the Domain Name System is of paramount importance, and that’s why PIR has been working to address the issue of DNS Abuse for many years,” said Jon Nevett, President and CEO of PIR.

“Today, we take these efforts to a new level with the launch of the DNS Abuse Institute. Under the leadership of inaugural director Graeme Bunton, the Institute will help develop meaningful solutions, practices, and shared knowledge to combat DNS Abuse, not just for .ORG, but across the DNS.”

“I look forward to working with stakeholders across the DNS community to find ways to share best practices, develop collaborative solutions, and develop innovative tools to stop abuse,” said Bunton. “DNS Abuse continues to be a significant challenge, so addressing this issue is more important now than ever.”

The Institute has garnered support from industry heavyweights in support of the institute including the following who recently statements as part of the PIR announcement:

  • “I’d like to congratulate Public Interest Registry for establishing the DNS Abuse Institute, said Göran Marby, President and CEO, ICANN. “We hope it will continue to foster the necessary dialogue across the range of stakeholders who share the goal of combating DNS abuse, and will eagerly follow the Institute’s work as it develops.”
  • “DNS Abuse remains a substantial challenge, and it will take a broad range of stakeholders to come together to address it collaboratively,” said Steve Crocker, Edgemoor Research Institute, Former Chair ICANN. “I want to thank PIR for leading in this space and launching this new Institute. I believe that the DNS Abuse Institute can serve as a central forum for bringing together concerned parties to discuss DNS Abuse and related issues.”
  • “The creation of the DNS Abuse Institute is a natural progression from the foundations laid by the work of the Internet and Jurisdiction Policy Network’s Domains and Jurisdiction Program and the concrete outcomes its Contact Group produces,” said Bertrand de La Chapelle, Executive Director, Internet & Jurisdiction Policy Network. We look forward to working with the Institute to develop further guidance that can be widely adopted to help address abuses through action at the DNS level. Congratulations to PIR on this substantial achievement, and we wish the Institute the best of luck in this worthy endeavour.”
  • “The Global Cyber Alliance is focused on providing businesses and governments the tools they need to slow and stop DNS Abuse,” said Leslie Daigle, Global Technology Officer, Global Cyber Alliance. We see the new Institute as highly complementary to our efforts. It will help bring the DNS community together and build alignment about what needs to be done to fight abuse of the DNS.”

While PIR is not the first registry to recognise the scourge of DNS Abuse, SIDN, the .nl registry, is one that has been making significant efforts to tackle the problem, it is the first to pull together many in the industry in a concerted effort to tackle the problem.

PIR has long been committed to combating DNS Abuse. In 2019, the organisation helped spearhead the Framework to Address Abuse that sets forth registries’ and registrars’ responsibilities when it comes to addressing DNS Abuse. PIR has also launched its Quality Performance Index (QPI) program to use data and KPIs to identify ways to promote and incentive .ORG domain quality and disincentivise abusive registrations.

Now, PIR launches this new Institute to support the broader DNS community as part of its non-profit mission. As part of this initiative, the Institute is forming an advisory council with expert representation from interested stakeholders across issues related to DNS Abuse.

In addition, the Institute will hold its first forum this spring featuring anti-abuse experts:

State of DNS Abuse: Trends from the last three years and current landscape
Tuesday, March 16, 2021
16:00-17:30 UTC

The DNS Abuse Institute will focus on three foundational areas—innovation, collaboration and education:

  • Innovation — The Institute will drive innovation in the DNS when it comes to combating abuse. The Institute will create recommended practices with solutions for registries and registrars of varying sizes and resources, provide qualified parties with funding to conduct innovative research on cybersecurity and DNS Abuse related issues, and develop practical solutions to combat DNS Abuse.
  • Education — The Institute will serve as a resource for all interested stakeholders related to DNS Abuse. This includes maintaining a resource library of existing information and practices regarding DNS Abuse identification and mitigation, promulgating abuse reporting standards (e.g., what is needed for a “good” notification on abuse), and publishing academic papers and case studies on DNS Abuse.
  • Collaboration — The Institute will serve as a networking forum and a central sharing point for all interested stakeholders related to DNS Abuse issues. Collaboration with technical and academic organisations working in the DNS Abuse space, registries, registrars, and security researchers will help enable the entire DNS to be better equipped to fight DNS abuse.

In support of these goals, the Institute has created a support line to help registries and registrars with questions relating to a DNS Abuse issue. This is an opt-in and confidential program provided at no cost.

There is also a blog post by Brian Cimbolic, PIR Vice President, General Counsel and Graeme Bunton, Director of the DNS Abuse Institute, on the launch of the DNS Abuse Institute and what it hopes to achieve on the Institute’s website here.

PIR suggests to learn more about the support line, contact supportline@dnsabuseinstitute.org.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.