DNS Abuse Responses
DNS Abuse Responses are the various tools, methods, collaboration, and philosophies spawning from DNS Abuse itself.
Overview edit
There are four time-related categories of responses to DNS Abuse:
- reactionary detection and removal of sources of abuse (necessarily after the fact),
- cotemporal efforts to mitigate the amount and likelihood of abuse or its impact,
- future-focused work on stopping abuse before it can happen, and
- ongoing allowance of abuse for ideological or jurisdictional reasons.
Response Option Examples edit
Reactionary Removal edit
Cotemporal Mitigation edit
Future Prevention edit
Intentional Inaction edit
Points of View edit
Every type of Internet user has worries over DNS Abuse and the responses to it. For instance, there is an ongoing multistakeholder debate over where to draw the line between technical abuse and content abuse.
Social Scientists edit
Governments/Intergovernmental Organizations edit
IGO responses generally see DNS Abuse as a facet of Cybercrime. Government responses tend to focus on what can be adjudicated; include content abuse, such as child pornography; and outline how and when electronic evidence can be collected.
Objectives edit
Pro-Mitigation edit
Pro-Privacy edit
- Pro-privacy legislation, such as the GDPR, limits access to natural persons' data.
Government Responses edit
Domestic Legislation edit
In the U.S., cybersecurity legislation thus far has focused on standardizing and formalizing preventative measures.[1] Congress passed
- The Federal Information Security Management Act of 2002
- The Cybersecurity Enhancement Act of 2014 (CEA)
- The Cybersecurity and Infrastructure Security Agency Act of 2018
Case Type edit
Civil edit
Criminal edit
Responding to State-Sponsored Cyberattacks edit
- SolarWinds Hacking Attack
- Microsoft Email Systems Hacking Attack On July 19, 2021, the Biden administration formally condemned but did not inflict sanctions against the Chinese government for working with hackers to breaching Microsoft email systems.[2]
Technical Community edit
Internet Governance Organizations edit
ICANN edit
So far, ICANN has been steadfast in its focus on technical DNS abuse and avoidance of policymaking around content abuse. ICANN's determination of the org's definition for DNS Abuse is based on the work product of GAC and the base gTLD Registry Agreement. Thus, ICANN considers DNS security threats to be limited to attacks involving phishing, malware, botnet command and control, pharming, and spam as a vector.[3] As recently as ICANN 71, the ICANN board was criticized by members of the ALAC, the BC, and other Internet Governance bodies for not doing enough to steward contracted parties and non-contracted parties toward involvement in reducing abuse. However, ICANN and SSAC, in particular, have begun pointing to SAC115 and DAAR as evidence of their work on addressing DNS abuse.
IGF edit
DNS Abuse Institute edit
Currently, this newcomer is entirely focused on creating an interoperable framework to reduce DNS abuse. The DNSAI acknowledges there are two options for reducing security threats: proactive and reactive methods. The institute is currently putting more of its energy into developing reactive tools because they can be used by anti-abuse or compliance personnel without requiring integration in registration platforms and thus, broad buy-in should be easier to secure.[4]
Private Sector edit
Registars edit
Registries edit
BC edit
The business community wants
IP edit
Intellectual property lawyers
ISPCP edit
Internet Service and Connectivity providers
Reputation Industry edit
End Users edit
End users, even those who work in the DNS industry, need help managing DNS Abuse mainly because of the timeless effectiveness of Social Engineering Attacks. For instance, at the end of 2020, GoDaddy notoriously tested its workers to see if they would share sensitive information after clicking on dubious links from a spoofed email.[5]