By Graeme Bunton, Director of the DNS Abuse Institute

The latest cyberattacks on oil pipelines, schools, elections, and food supplies underscore that our global networks are constantly under threat from bad actors.  Combating these threats and online harms requires a greater level of collaboration by the stewards of the Domain Name System (DNS), a fundamental piece of Internet infrastructure.

That’s because DNS Abuse –malware, botnets, phishing, pharming, and spam – presents an ongoing global threat to every country’s national and economic security. In the last months, the DNS Abuse Institute has worked to bring together – both in public forums and individual meetings – leading experts to help guide the creation of a roadmap for combating abuse.

The resulting roadmap created by the DNS Abuse Institute is based on key pillars to combat DNS Abuse: education, collaboration, and innovation. These pillars are the framework through which the Institute has selected key initiatives that aim to reduce DNS abuse as quickly and efficiently as possible.  The Institute recognizes that there are important practical realities to addressing DNS Abuse at the registry and registrar level, primarily the difficulty of implementing solutions that require the alteration of domain registration platforms, as well as ensuring that there are sufficient incentives to adopt new approaches.  

But DNS Abuse impacts more than just registries and registrars, and combating abuse involves more than just mitigation. To that end, you’ll see the DNS Abuse Institute work across our communities to develop and distribute guides, primers, best practices, and webinars on DNS Abuse. These resources will be targeted towards registries and registrars for mitigating abuse, as well as law enforcement, businesses both large and small, intellectual property, Internet security, and end-users.

As the Institute develops these resources, tools, and initiatives, it needs to ensure that it’s engaged with the communities it wishes to serve, and that those communities have ample opportunities to provide input on the work.  This collaborative and integrated approach will be part of Institute working methods. The Institute will also provide the tools and opportunities for partners and community members to work together, share information, and create solutions.

Innovation will start with research and understanding of the DNS Abuse landscape. The Institute needs to have the best data, research, and understanding of DNS Abuse. It needs to provide definitive analysis, as well as opportunities for others to conduct research. The Institute will also need to identify gaps in the DNS Abuse landscape and develop tools to bridge them.

The Institute’s initial programs are aligned around these initiatives:

• The Learn initiative will fulfill the educational mandate of the Institute. The Institute will produce educational content on a regular, consistent basis, resulting in the best DNS Abuse resource library available. This content will include best practices for registries and registrar to mitigate abuse, both preventatively and reactively and for law enforcement, intellectual property interests and end-users.  The Institute will also gather and curate academic research, industry white papers and case studies.

• The Centralized Abuse Reporting Tool (CART) initiative is designed to rectify a gap: there are currently no industry standards on how to implement abuse reporting, what abuse may be reported, and where to report it.  As such, there is a substantial amount of diversity in abuse reporting methods employed by registries and registrars, which can lead to unevidenced reports of abuse, often in duplicate, and frequently unactionable.   These reports fill service queues and require a substantial amount of time and resources to triage. Stakeholders reporting abuse must identify exactly where and how to address abuse reports, across a myriad of registries and registrars with their own mechanism and evidence requirements. To solve these issues the DNS Abuse Institute will build a centralized abuse reporting tool.

• Through the DNS Abuse Intelligence initiative, the Institute will offer real-time understanding of the DNS Abuse landscape. The Institute intends to build its own DNS Abuse Intelligence platform to publish DNS Abuse statics by registrar, registry, and TLD, including both ccTLDs and gTLDs. The information will be based on evidenced data that measures persistence as well as existence and distinguishes between compromised websites and malicious registrations.

Given the fluidity of DNS Abuse, the Institute’s roadmap will have to be both visionary and nimble. That means setting longer-term aggressive, but achievable, goals for the Institute, by which our success may be measured. But it also means constantly evaluating the abuse landscape and adapting to new issues and threats.

We have help keeping us aligned towards both those concrete goals and new developments. The Institute recently announced a stellar Advisory Council made up of industry experts to provide insight, guidance, and criticism on Institute projects and initiatives. This Council is vital because given the work of the Institute has implications for the security of the entire Internet, for the business practices of registrars and registries both large and small, and for end-users around the world, it must be rooted in trust, transparency, and security.

This is an ambitious and bold agenda.

But it comes down to achieving three objective goals for the Institute: becoming the definitive source for DNS Abuse education and resources, serving a respected source for DNS Abuse intelligence, and developing innovations that are widely adopted and valued by the community. 

It’s only by being bold that the Institute, and the greater industry, can truly combat DNS Abuse together.

You can view the Roadmap here: https://dnsabuseinstitute.org/wp-content/uploads/2021/06/DNS-Abuse-Institute-Roadmap.pdf

You can provide comments or feedback on the roadmap here:  https://forms.gle/yMDcqFTJ8T4drG227