Category: Trust

Watch Live On Monday, 25 June – DNSSEC Workshop at ICANN 62 in Panama

With the DNSSEC Root Key Rollover coming up on October 11, how prepared are we as an industry? What kind of data can we collect in preparation? What is the cost benefit (or not) of implementing DANE? What can we learn from an existing rollover of a cryptographic algorithm?

All those questions and more will be discussed at the DNSSEC Workshop at the ICANN 62 meeting in Panama City, Panama, on Monday, June 25, 2018. The session will begin at 9:00 and conclude at 12:15 EST (UTC-5). [Note: this is one hour different than current US Eastern Daylight Time – Panama does not change to daylight savings time – and so this will begin at 10:00 EDT (UTC-4).]

The agenda includes:

  • DNSSEC Workshop Introduction, Program, Deployment Around the World – Counts, Counts, Counts
  • Panel: DNSSEC Activities and Post Key Signing Key Rollover Preparation
  • DANE: Status, Cost Benefits, Impact from KSK Rollover
  • An Algorithm Rollover  (case study from CZ.NIC)
  • Panel: KSK Rollover Data Collection and Analysis
  • DNSSEC – How Can I Help?
  • The Great DNSSEC/DNS Quiz

It should be an outstanding session!  For those onsite, the workshop will be in Salon 4, the ccNSO room.

Lunch will follow. Thank you to our lunch sponsors: Afilias, CIRA, and SIDN.


The DNSSEC Workshop will be followed by the “Tech Day” set of presentations from 13:30 – 18:30 EST. Many of those may also be of interest. They will also be streamed live at the same URL.

As this is ICANN’s smaller “Policy Forum” schedule, there will not be either the “DNSSEC for Everybody” session nor the “DNSSEC Implementer’s Gathering” as there is at the other two ICANN meetings each year. Also, as I am not able to travel to ICANN 62, I want to thank Jacques Latour for stepping in to help with the usual presenting and emceeing that I do.

Please do join us for a great set of sessions about how we can work together to make the DNS more secure and trusted!

If you would like more information about DNSSEC or DANE, please visit our Start Here page to begin.

Image credit: ICANN

The post Watch Live On Monday, 25 June – DNSSEC Workshop at ICANN 62 in Panama appeared first on Internet Society.

Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security

Today the tech media is focused on the announcement of two security vulnerabilities, nicknamed Meltdown and Spectre, that are found in almost all CPUs used in modern devices. Mobile phones, laptops, desktop computers, cloud services, and Internet of Things (IoT) devices are all vulnerable.

There are many articles being published on this topic. The best source of information I’ve found is this site by the security researchers at the Graz University of Technology:

https://meltdownattack.com/

At the bottom of that page are links to the security blog posts, advisories, and other statements from companies and organizations across the industry. In an excellent example of the principles of Collaborative Security, the announcement was coordinated with the release of patches and updates for a wide range of operating systems and devices.

For readers wanting a deeper technical dive, the site from Graz University has links to multiple academic papers. Google’s Project Zero team also published a detailed technical analysis.

From our perspective, today’s news highlights a couple of points:

  • Keeping up to date on patches is critical. We each need to ensure that we upgrade our own systems and devices. If we work for organizations/companies, we need to ensure that processes are in place for patches to be applied rapidly. Vigilance is critical.
  • “Upgradeability” is necessary. We’ve mentioned this particularly in the IoT context, but devices need to be able to be upgraded. They can’t just be distributed or sold to people without some mechanism for updates. We see approaches such as the Online Trust Alliance IoT Framework as critical to help on this issue.
  • Independent security research is essential. These vulnerabilities were discovered by different groups of researchers at companies, security firms, and universities. If we didn’t have people doing this research for the benefit of all of us, we would be open to attacks by those who might find these vulnerabilities and exploit them for malicious purposes.
  • Collaborative security is the key. Sharing this research – and coordinating activity across the industry – is critical to ensuring a secure and trusted Internet.  We need the kind of collaboration shown today to be the norm across the industry.

The key point right now for everyone reading this is simply this: get out there and patch your systems! Don’t delay installing the latest security updates for your computers, mobile phones and other devices.

Each of us play a critical role in ensuring the security of an open, global and trusted Internet!

The post Meltdown and Spectre: Why We Need Vigilance, Upgradeability, and Collaborative Security appeared first on Internet Society.

EuroDIG 2017: ISOC Speaks on Cybersecurity, Blockchain, Human Rights, IoT, Internet Shutdowns and more

How do we create a more secure and trusted Internet within the multistakeholder model of Internet governance? That will be among the many questions addressed this week at the European Dialogue on Internet Governance (EuroDIG) in Tallinn, Estonia. From June 5-7, we will have an Internet Society team on site participating in many sessions. Our EuroDIG 2017 page has all the details – including links to live video streams – but at a high level here are some of the workshops we are participating in:

  • Plenary panel on cybersecurity
  • New business models and the Internet
  • Blockchain technology and internet governance
  • Community connectivity: empowering the unconnected
  • Criminal justice on the Internet – identifying common solutions
  • Workshop on human rights and IoT
  • Internet content blocking: from collateral damages to better solutions
  • Stress testing the multistakeholder model in cybersecurity
  • Drowning in data – digital pollution, green IT, and sustainable access
  • Forced data localization and barriers to cross-border data flows: toward a multistakeholder approach

Again, view our EuroDIG 2017 event page to see exact times and live stream links.

To stay up on our activities, you can follow us on social media – and follow the hashtags #eurodig17 and #eurodig on Twitter.

Please do say hello to our staff in the sessions – and tell us how you think we need to work together to build a stronger Internet and #ShapeTomorrow.

The post EuroDIG 2017: ISOC Speaks on Cybersecurity, Blockchain, Human Rights, IoT, Internet Shutdowns and more appeared first on Internet Society.

Webinar – May 18 – WannaCry Ransomware: Why is it happening and (how) is it going to end?

What is happening with the WannaCry ransomware that has been attacking unpatched Windows computers around the world? How will it all end? What do we need to do collectively to deal with attacks like this? (Hint: Read Olaf’s post.)

To learn more and pose questions to a panel of experts, you can join our partners at the Geneva Internet Platform and Diplo Foundation for a webinar on “Decrypting the WannaCry ransomware: Why is it happening and (how) is it going to end?

  • Thursday, May 18 at 11:00 UTC (13:00 CEST) 

Read more on the event page – and register for free.

Our Niel Harper, author of the recent post ”6 Tips for Protecting Against Ransomware“, will participate as one of the panelists.

As noted in the session abstract:

The webinar will provide an analysis of the main technological, geopolitical, legal, and economic aspects of the ransomware. Experts from different fields will discuss why ransomware has become a major issue. Can such attacks be prevented by technological measures alone? Is there a need for a legal response, such as Microsoft’s proposal for the Digital Geneva Convention? Is raising more awareness among users the ultimate solution?

The webinar will discuss whether it is possible to put a stop to malicious software, or whether they should be considered the price we have to pay for the many advantages of the Internet. Choices on policy will have to be made sooner rather than later. The aim of the  discussion is to explore and help make informed policy choices.

We encourage you to attend and share the information with others.

NOTE: If 11:00 UTC is a bit too early or late for you, the webinar will be recorded so that you can view it later.

To help understand more, the Geneva Internet Platform Digital Watch team has prepared this excellent page of information:

See also our blog posts:

Image credit: a screenshot of the WannaCry visualization provided by MalwareTech.

The post Webinar – May 18 – WannaCry Ransomware: Why is it happening and (how) is it going to end? appeared first on Internet Society.

ISOC@OECD, Day 2: Kathy Brown’s speech about trust, Hiroshi Esaki speaking about innovation

Today is the first day of the “Ministerial Conference” section of the OECD Ministerial Meeting on the Digital Economy.  Yesterday was for the very successful “Stakeholder Forums” and my colleague Nicolas Seidler wrote about the ITAC Forum that discussed Internet policies, IPv6, IoT, open standards and Collaborative Security.  I also encourage you to read our OECD Ministerial Background Paper to understand why this meeting is so important for Internet Governance.

11:40 am – OECD Stakeholders Armchair Discussion

Our big event today will be the “OECD Stakeholders’ Armchair Discussion”  where our President and CEO Kathy Brown will speak as a member of the Internet Technical Advisory Committee (ITAC) about what was discussed in the ITAC Forum yesterday and also about the view from within the technical community about the need to increase trust in the Internet.

The overall session she is in starts at 11:40 am local time (UTC-5, similar to US Central time) although we are told the armchair discussion should start closer to 12:20 pm.  Each of the four stakeholder advisory committees will provide a statement, and Kathy will be speaking on behalf of ITAC.

16:45 – Stimulating Digital Innovation across the Economy

After Kathy’s session there will be a 1.5 hour lunch break and then the parallel track sessions begin.  The OECD Ministerial Agenda outlines the sessions, including:

  • Economic and Social Benefits of Internet Openness
  • Consumer Trust and Market Growth
  •  Stimulating Digital Innovation across the Economy
  • Managing Digital Security and Privacy Risk for Economic and Social Prosperity

While all of the sessions are of interest, our attention will be on the session about “Stimulating Digital Innovation” at 16:45 as ISOC Board of Trustees member Hiroshi Esaki will be one of the speakers on the panel.

We understand that the sessions should be live streamed, but we are uncertain of the exact URL.  We would advise you to visit the OECD live stream page to see what streams are available.

You can also follow our @InternetSociety Twitter account where we will be providing updates using the #OECDdigitalMX hashtag.

Watch this blog, too, as we will be posting several more articles throughout the day!

The post ISOC@OECD, Day 2: Kathy Brown’s speech about trust, Hiroshi Esaki speaking about innovation appeared first on Internet Society.