Changes

Every type of Internet user has worries over DNS Abuse and the responses to it. For instance, there is an ongoing multistakeholder debate over where to draw the line between technical abuse and content abuse. Moreover, there are technical limits on what each type of stakeholder can do to stop abuse.

Every type of Internet user has worries over DNS Abuse and the responses to it. For instance, there is an ongoing multistakeholder debate over where to draw the line between technical abuse and content abuse. Moreover, there are technical limits on what each type of stakeholder can do to stop abuse.

    

    

===Social Scientists===

===Academics===

[https://apo.org.au/sites/default/files/resource-files/2018-04/apo-nid142116.pdf Criminologists] feel the capacity to regulate DNS abuse is very limited because:  

:*[https://apo.org.au/sites/default/files/resource-files/2018-04/apo-nid142116.pdf Criminologists] feel the capacity to regulate DNS abuse is very limited because:  

# no single global entity is responsible for the regulation of all its aspects;

# no single global entity is responsible for the regulation of all its aspects;

# the [[Multistakeholder Model]] of governance and the distributed administration model allows disagreements and discrepancies;

# the [[Multistakeholder Model]] of governance and the distributed administration model allows disagreements and discrepancies;

# regulation will continue to be reserved for the most egregious infringements.  

# regulation will continue to be reserved for the most egregious infringements.  

Regulation will remain limited until a uniform set of policies to prevent abuse before it happens is enacted.<ref>[https://apo.org.au/sites/default/files/resource-files/2018-04/apo-nid142116.pdf Criminal misuse of the Domain Name System, Australian Institute of Criminology, 2018, pg 13]</ref>

Regulation will remain limited until a uniform set of policies to prevent abuse before it happens is enacted.<ref>[https://apo.org.au/sites/default/files/resource-files/2018-04/apo-nid142116.pdf Criminal misuse of the Domain Name System, Australian Institute of Criminology, 2018, pg 13]</ref>

===Intergovernmental Organizations===

===Intergovernmental Organizations===

* [[NIST#Cybersecurity Framework|Cybersecurity Framework]]

* [[NIST#Cybersecurity Framework|Cybersecurity Framework]]

=====Responding to State-Sponsored Cyberattacks=====

=====Responding to [[Threat Actor|State-Sponsored Cyberattacks]]=====

======Sanctions/Condemnations======

======Sanctions/Condemnations======

* [[SolarWinds#Hacking Attack|SolarWinds Hacking Attack]]: In an executive order issued April 15, 2021, President Biden levied economic sanctions against Russian financial institutions, technology companies, and individuals that participated in this series of hacks that infiltrated nine federal agencies and over 100 private companies.<ref>[https://www.vox.com/recode/22385555/biden-solarwinds-hack-russia-sanctions Biden's SolarWinds Executive Order, Vox]</ref>

* [[SolarWinds#Hacking Attack|SolarWinds Hacking Attack]]: In an executive order issued on April 15, 2021, President Biden levied economic sanctions against Russian financial institutions, technology companies, and individuals that participated in this series of hacks that infiltrated nine federal agencies and over 100 private companies.<ref>[https://www.vox.com/recode/22385555/biden-solarwinds-hack-russia-sanctions Biden's SolarWinds Executive Order, Vox]</ref>

* [[Microsoft#Email Systems Hacking Attack|Microsoft Email Systems Hacking Attack]]: On July 19, 2021, the Biden administration formally condemned but did not inflict sanctions against the Chinese government for working with hackers to breaching Microsoft email systems.<ref>[https://www.nytimes.com/2021/07/19/us/politics/microsoft-hacking-china-biden.html?action=click&module=Spotlight&pgtype=Homepage US Govt Accuses China of Hacking Microsoft, NY Times]</ref>

* [[Microsoft#Email Systems Hacking Attack|Microsoft Email Systems Hacking Attack]]: On July 19, 2021, the Biden administration formally condemned but did not inflict sanctions against the Chinese government for working with hackers to breach Microsoft email systems.<ref>[https://www.nytimes.com/2021/07/19/us/politics/microsoft-hacking-china-biden.html?action=click&module=Spotlight&pgtype=Homepage US Govt Accuses China of Hacking Microsoft, NY Times]</ref>

===Technical Community===

===Technical Community===

:**encourage these same entities to offer services allowing [[IP|Intellectual Property]] rights holders to preventively block infringing domain name registrations.<ref>[https://domainnamewire.com/2022/03/30/business-constituency-weighs-in-on-dns-abuse/ BC weighs in on DNS Abuse, Domain Name Wire]</ref>

:**encourage these same entities to offer services allowing [[IP|Intellectual Property]] rights holders to preventively block infringing domain name registrations.<ref>[https://domainnamewire.com/2022/03/30/business-constituency-weighs-in-on-dns-abuse/ BC weighs in on DNS Abuse, Domain Name Wire]</ref>

:*The [[IPC]] is concerned with the year-on-year growth of online fraud recently due in large part to the Covid pandemic and with trust in the Internet

:*The [[IPC]] is concerned with the year-on-year growth of online fraud recently due in large part to the Covid pandemic and with trust in the Internet

======GAC======

======GAC======

:*The [[GAC]] wants to help law enforcement and regulatory bodies gain access to the contact information of victims as well as bad actors

:*The [[GAC]] wants to help law enforcement and regulatory bodies gain access to the contact information of victims as well as bad actors

======SSAC======

======SSAC======

:*The [[SSAC]] has published several documents on DNS Abuse measurement and mitigation

:*The [[SSAC]] has published several documents on DNS Abuse measurement and mitigation

====IGF====

====IGF====

====DNS Abuse Institute====

====DNS Abuse Institute====

Currently, this newcomer is entirely focused on creating an interoperable framework to reduce DNS abuse. The DNSAI acknowledges there are two options for reducing security threats: proactive and reactive methods. The institute is currently putting more of its energy into developing ''reactive tools'' because they can be used by anti-abuse or compliance personnel without requiring integration in registration platforms and thus, broad buy-in should be easier to secure.<ref>[https://dnsabuseinstitute.org/wp-content/uploads/2021/06/DNS-Abuse-Institute-Roadmap.pdf DNSAI Roadmap pg. 9]</ref>

This newcomer is entirely focused on creating an interoperable framework to reduce DNS abuse. The [[DNS Abuse Institute|DNSAI]] acknowledges there are two options for reducing security threats: proactive and reactive methods. The institute is currently putting more of its energy into developing ''reactive tools'' because they can be used by anti-abuse or compliance personnel without requiring integration in registration platforms and thus, broad buy-in should be easier to secure.<ref>[https://dnsabuseinstitute.org/wp-content/uploads/2021/06/DNS-Abuse-Institute-Roadmap.pdf DNSAI Roadmap pg. 9]</ref>

===Private Sector===

===Private Sector===

====Cybersecurity Providers====

====Cybersecurity Providers====

The [[:Category:Cybersecurity Providers|cybersecurity]] industry is booming and is trying various [[cybersecurity|approaches]] to protect networks and supply chains from data breaches and [[ransomware]] attacks. For instance, [[Prevailion]]'s strategy is to hack the hackers, while [[McAfee]] remains the revenue leader by continuing to churn out cybersecurity software.<ref>[https://www.thesoftwarereport.com/the-top-25-cybersecurity-companies-of-2020/ Top 25 Cybersecurity Companies of 2020, The Software Report]</ref>

The [[:Category:Cybersecurity Providers|cybersecurity]] industry is booming and is trying various [[cybersecurity|approaches]] to protect networks and supply chains from data breaches and [[ransomware]] attacks. For instance, [[Prevailion]]'s strategy is to hack the hackers, while [[McAfee]] remains the revenue leader by continuing to churn out cybersecurity software.<ref>[https://www.thesoftwarereport.com/the-top-25-cybersecurity-companies-of-2020/ Top 25 Cybersecurity Companies of 2020, The Software Report]</ref>

====[[Registries]] and [[Registrar]]s====

====[[Registries]] and [[Registrar]]s====

* In March 2022, [[TWNIC]] and [[DotAsia]] signed an MOU of bilateral collaboration of information exchange and mutual recognition as [[Trusted Notifier]]s. When either TWNIC or DotAsia receives a notification via the Fast Track mechanism that they created, it will be able to immediately take appropriate actions under the domain name registration agreement to reduce the [[cybercrime]] impact.<ref>[https://www.digitimes.com/news/a20220329PR200.html?chid=9 TWNIC and DotAsia establish fast track mechanism to fight DNS abuse, Digitimes]</ref>

* In March 2022, [[TWNIC]] and [[DotAsia]] signed an MOU of bilateral collaboration of information exchange and mutual recognition as [[Trusted Notifier]]s. When either TWNIC or DotAsia receives a notification via the Fast Track mechanism that they created, it will be able to immediately take appropriate actions under the domain name registration agreement to reduce the [[cybercrime]] impact.<ref>[https://www.digitimes.com/news/a20220329PR200.html?chid=9 TWNIC and DotAsia establish fast track mechanism to fight DNS abuse, Digitimes]</ref>