This week’s news that former National Cyber Security Center Director Rod Beckstrom was named as the newest president of ICANN – the Internet Corporation for Assigned Names and Numbers, the Net’s most influential governing body – is a very encouraging sign that we’re living in an era when issues of cyber-security are being given greater consideration than ever before, and with good reason, of course.
Just the fact that someone from the security sector has been elevated to lead ICANN, in a time when the organization is grappling with huge underlying problems related to improving cyber-culture – such as finding a better way to regulate domain registrars to address the spam-driven malware epidemic – has to be seen as a truly positive sign.
And if anyone is familiar with the struggles that face regulatory groups such as ICANN in addressing security challenges reaching across diverse, complex constituencies with many opposing viewpoints, someone like Beckstrom would seem a great pick. The former CEO and management guru eventually walked away from his post at the NCSC – which operates under the auspices of the Department of Homeland Security – after it became painfully clear that the effort did not have sufficient influence or funding to achieve its stated mandate.
When I had the chance to testify before Congress in April, the bulk of my remarks were aimed at citing inefficiencies existing in the manner in which a number of the cyber-security efforts operating under DHS were struggling for those same reasons. I’m not involved in ICANN in any direct way, but it’s been clear that over the years the group has struggled under many similar organizational issues that DHS is dealing with; namely, power struggles carried out among various fiefdoms vying to advance their own agendas without the guidance of a clear charter that allows them to coexist efficiently.
And when it comes to boosting ICANN’s ability to make headway in important matters of security – which include figuring out the best way to manage the planned increase of top-level domains while protecting the interests of businesses worldwide, normalizing domain name language disputes to address related phishing problems, and most importantly, addressing the role of the U.S. government in governing ICANN itself – there’s a lot of heavy lifting ahead.
ICANN appears to be taking positive steps already, as with the updating of its Registrar Accreditation Agreement (RAA) just weeks ago, and its increased efforts to tighten enforcement of those policies to root out the abusive hosting companies that allow for the distribution of much of the world’s spam and malware – many of which operate in nations that have not been active in addressing cybercrime emanating from within their own borders.
For, no matter what role the U.S. is to eventually play in driving the agenda of ICANN, international policy on cyber-crime has to be tackled, and as soon as possible. In some ways this is similar to addressing terrorism. Terrorists do not operate under one sovereign boundary, but across many, and in some cases without nation state sponsorship, and that’s what makes them so hard to track down and stop. The same goes for cyber-criminals.
If we do not have an ICANN in place that wields true influence worldwide, including among those nations that have not been as historically active, an organization that can curry support from key constituents around the globe who will ultimately determine how far policies and laws are enforced, than this whole fight against cyber-crime will continue to be a game of cat and mouse.
It’s my hope that Mr. Beckstrom’s plan for ICANN regarding security will encompass many of the recommendations made in the CSIS report 'Securing Cyberspace for the 44th Presidency' that was published at the end of last year and to which I was a contributor. Namely, those suggestions made in regards to International Engagement and Diplomacy; because, specifically, that’s what we really need.
If the current state of cyber-security, and our lack of ability to move quickly to affect change, has taught us anything, it’s that there truly is a need for global cooperation, and better partnering among key stakeholders, if we’re ever going to make progress.
That’s not to place too much importance on the ability of one man, or single governance body, in helping to move these issues forward.
However, a more dynamic, responsive ICANN could really go a long way toward helping. Let’s hope that’s what we get.
-Tom Kellermann, Vice President of Security Awareness