NetBeacon Institute

Type: Non-profit organization
Industry: Security and Investigations
Founded: 2021
Employees: 2-10
Website: https://netbeacon.org/
LinkedIn: https://www.linkedin.com/company/netbeacon-institute/
Twitter: https://x.com/dns_abuse
Key People
Graeme Bunton (Executive Director); Rowena Schoo (Director of Programs and Policy)

The NetBeacon Institute (formerly the DNS Abuse Institute) was created by the Public Interest Registry (PIR), the registry operator for the .ORG top-level domain, to develop initiatives to generate recommended practices, foster collaboration, and find industry-shared solutions to combat malware, botnets, phishing, pharming, and related spam.[1] Its mission is focused on helping simplify and enhance DNS Abuse reporting while helping the Internet community better understand, measure, and, ultimately, mitigate abuse across the DNS. To make it happen, the Institute provides free resources and tools, establishes best practices, funds DNS research, and shares data in an effort to create a safer Internet for all.[2]

As DNS Abuse Institute

The Institute was founded in 2021 in furtherance of PIR’s nonprofit mission, under the idea that while progress on DNS Abuse has been made across the industry, not all registries and registrars have access to the same level of resources to combat DNS Abuse. Given this gap and a more general need for innovation, education, and collaboration on DNS Abuse across its many stakeholders, PIR founded the DNS Abuse Institute. The Institute is fully funded and supported by PIR. However, it is claimed that the work of the Institute is outwardly focused and there is functional separation between the Institute and PIR which ensures the Institute is empowered to make independent decisions, and plays no role in addressing abuse issues in .ORG, or any other PIR TLD.[1]

As NetBeacon Institute

The Institute was renamed on May 6, 2024 to NetBeacon Institute. According to the official website, this renaming reflects the Institute’s continued vision and commitment to provide innovative solutions in the fight against DNS Abuse. Some of the Institute programs also had their names changed [3], namely NetBeacon Reporter and NetBeacon MAP.

Programs

NetBeacon Reporter

Main article: NetBeacon Reporter

Initially launched in June 2022, NetBeacon Reporter is a free tool that simplifies DNS Abuse reporting for individuals and organizations and provides domain registrars with the information and tools they need to act confidently.[4] That way, NetBeacon Reporter seeks to empower individuals and organizations to report suspected DNS Abuse and also provides registrars and registries with higher fidelity abuse reports to act upon. CleanDNS, an anti-abuse solution provider which has continuously collaborated with the Institute, donated the technology behind the program. NetBeacon Reporter has rapidly grown since its launch, from handling hundreds of abuse reports in its first year to tens of thousands in its second. [3]

NetBeacon MAP

Main article: NetBeacon MAP

NetBeacon Measurement and Analytics Platform (MAP), initially launched in September 2022 as DNSAI: Compass, is the Institute’s initiative to measure phishing and malware. The most recent offerings were developed following hundreds of one-to-one meetings and collaborative discussions with registries and registrars:[3]

  • The NetBeacon MAP: Monthly Analysis report identifies registrars and Top Level Domains with the highest and lowest levels of malicious abuse concentrations in their zones.
  • NetBeacon MAP: Dashboards are dashboards for registries and registrars, which provide an academically rigorous free benchmarking metric to compare over time and between industry peers. The dashboards display how much phishing and malware is concentrated in the zones the registries and registrars manage, how much was mitigated, and how quickly. They also provide details on whether the domain was maliciously registered or related to an issue of a compromised website; this informs whether mitigation action at the DNS level is appropriate. NetBeacon MAP: Dashboards help operators optimize efforts to communicate progress and improve collaboration internally and externally to better combat threats.[3]

NetBeacon and ICANN

The GAC Communiqué from ICANN 70, dated March 2021, states, regarding the DNS Abuse session, that “DNS Abuse should be addressed in collaboration with the ICANN community and ICANN org prior to the launch of a second round of New gTLDs”, and that “The GAC welcomes the recently-launched DNS Abuse Institute and encourages community efforts to cooperatively tackle DNS Abuse in a holistic manner” [5]. The GAC cites the Institute again in the Communiqué from ICANN 72, in November 2021, saying that it follows developments in the area of voluntary measures against DNS Abuse with interest, an example being the work of what was then called the DNS Abuse Institute [6].

In February 2022, the GNSO Council tasked a small team of Council members with considering what policy efforts, if any, the GNSO Council should undertake to support the efforts already underway in different parts of the community to tackle DNS abuse [7]. As part of its deliberations, the small team, named "Small Team on Domain Name System (DNS) Abuse" and chaired by Mark Datysgeld and Paul McGrady, performed outreach to interested community groups, including the DNS Abuse Institute, to better understand what DNS abuse related issues need to be addressed specifically via gTLD policy development. It asked for input on what problems [8] policy development specifically is needed to mitigate, if any, as well as the expected outcomes if policy development were undertaken [9].

The Institute responded with a letter in April 2022, which, in summary, suggested that the GNSO Council could significantly influence policy development in this area. It recommended adopting a series of focused, sequential Policy Development Processes (PDPs) targeting specific aspects of clear-cut DNS Abuse, which it believed could lead to incremental but substantial changes in addressing such issues. The Institute emphasized the need for a deep understanding of DNS Abuse symptoms, causes, and potential remedies before policy-making, and advocated starting with widely agreed upon forms of DNS Abuse to avoid the complexities and delays associated with broad definitional disagreements. It proposed practical, narrow-scoped PDPs on malicious registrations related to malware, phishing, and botnets, emphasizing that these should align with ICANN’s remit and avoid broader issues of content regulation. The goal would be to effectively reduce DNS Abuse while minimizing the impact on legitimate domain registrants, leveraging the expertise gained for potentially more complex future issues [10].

The small team on DNS Abuse delivered its report in October 2022 [11], and it was later accepted by the GNSO Council [12].

At ICANN 73, the Institute’s president, Graeme Bunton, moderated a plenary session named “Evolving the DNS Abuse Conversation”, which explored the distinction between compromised and maliciously registered domain names and discussed the evolving industry response to Domain Name System (DNS) abuse. Participants had the opportunity to interact with industry representatives and community members to discuss mitigation strategies [13].

The Institute commented that, shortly after ICANN 73, ICANN produced a retrospective on the last four years of DNS Abuse trends named Domain Abuse Activity Reporting (DAAR); that, drawing on its data, it paints an interesting picture of DNS Abuse over time, one that they had not seen clearly before; and that this sort of work would enable the Institute and the ICANN community to focus their work where it is most needed [14].

In July 2023, the Institute expressed support for the proposed amendments to ICANN’s Base gTLD Registry Agreement (RA) and Registrar Accreditation Agreement (RAA) regarding DNS Abuse. It commended ICANN and the contracted parties for their quick action and shared commitment to addressing DNS Abuse. The amendments introduced a clear requirement to mitigate malicious domain registrations, which the DNS Abuse Institute viewed as significant progress [15].

ICANN hosted "A Day of Domain Name System Abuse Discussions" in Da Nang, Vietnam, on 4 September 2023. The hybrid event was part of several technical workshops that included the ICANN DNS Symposium and OARC 41. The sessions, developed in collaboration with the DNS Abuse Institute, were designed to explain the proposed amendments and then highlight different aspects of combating DNS abuse. The event's goal was for participants to gain a solid understanding of the proposed obligations and new tools to give them the confidence to support the pending contractual amendments and better combat DNS abuse [16].

On January 21, 2024, the ICANN Board approved new contractual obligations for registries and registrars related to DNS Abuse. The Institute is, as of 2024, considering its role in this development, as there has been discussion about how the community of people interested in DNS Abuse can assess the obligations' effectiveness. The Institute, with its partner KOR Labs, has been collecting data since May 2022 that it believes will be crucial to measuring the impact of the amendments. Over time, it aims to help answer a number of key questions by comparison with its pre-amendment baseline data:

  • How are rates of DNS Abuse changing, and are they different from before the amendment?
  • Are DNS Abuse concentration rates changing (e.g., between different registrars, from gTLDs to ccTLDs, and others)?
  • How are abuse mitigation rates changing for maliciously registered domain names?
  • Is the amount of time for abuse to be mitigated changing?
  • Are the rates of malicious registrations vs. compromised websites changing? [17]

Over the months following the implementation of the changes, effective from April 5, 2024 [18], the Institute intends to add more detail to its existing reporting and to provide an analysis of any changes in the data that could indicate the impact of the amendments [19].

Leadership

The Institute is led by Graeme Bunton and Rowena Schoo. The Advisory Council includes expert representation from stakeholders with an interest in DNS Abuse, such as gTLD registries, ccTLD registries, registrars, security researchers, and academics. Current Advisory Council members include:

References

  1. About the Institute
  2. https://netbeacon.org/
  3. Renaming
  4. https://netbeacon.org/reporting/
  5. https://gac.icann.org/advice/communiques/public/ICANN70%20GAC%20Communique-ar1.pdf?language_id=1
  6. https://gac.icann.org/file-asset/public/icann72-gac-communique-en.pdf?language_id=1
  7. https://community.icann.org/display/gnsocouncilmeetings/Final+Proposed+Agenda+2022-11-17
  8. https://community.icann.org/display/gnsocouncilmeetings/Final+Proposed+Agenda+2022-10-20_
  9. https://community.icann.org/display/gnsocouncilmeetings/Final+Proposed+Agenda+2022-11-17
  10. https://netbeacon.org/dnsai-response-gnso-small-team-dns-abuse/
  11. https://community.icann.org/display/gnsocouncilmeetings/Final+Proposed+Agenda+2022-10-20
  12. https://community.icann.org/display/gnsocouncilmeetings/Final+Proposed+Agenda+2022-11-17
  13. https://meetings.icann.org/en/meetings/icann73/icann73-policy-outcome-report-29mar22-en.pdf
  14. https://netbeacon.org/dnsai-newsletter-april-2022/
  15. https://www.icann.org/es/public-comment/proceeding/amendments-base-gtld-ra-raa-modify-dns-abuse-contract-obligations-29-05-2023/submissions/dns-abuse-institute-20-07-2023
  16. https://www.icann.org/en/blogs/details/icanns-day-of-dns-abuse-discussions-draws-more-than-125-participants-27-09-2023-en
  17. https://netbeacon.org/measuring-icann-dnsabuse-amendments/
  18. https://rrsg.org/wp-content/uploads/2024/02/RAA-DNS-Abuse-Amendments-next-steps-Feb-2024.pdf
  19. https://netbeacon.org/measuring-icann-dnsabuse-amendments/
  20. https://netbeacon.org/the-institute/