Please find below an example of UPI's continuing coverage of cyber-security and 
the Department of Homeland Security, published earlier this month. I hope you 
find it interesting. You may link to it on the Web here: 
Please note that the story remains the copyright property of UPI. If you wish 
to publish or archive this article, or get more information about UPI products 
and services, please contact me or e-mail [EMAIL PROTECTED] 
To stop receiving these alerts, just reply with the word "unsubscribe" in the 
subject line.
Shaun Waterman
UPI Homeland and National Security Editor
Tel: 202 898 8081

Analysis: Owning the keys to the Internet
UPI Homeland and National Security Editor

WASHINGTON, April 12 (UPI) -- The U.S. government is pressing ahead with plans 
to implement a new security regime for the basic architecture of the World Wide 
Web, despite unease in some corners of the international Internet management 

"This is the U.S. government stepping forward and showing leadership," Douglas 
Maughan, an official with the Department of Homand Security Science and 
Technology Directorate, told United Press International. 

At issue is the long-debated implementation of a new security system governing 
the Domain Name System, or DNS, the Internet architecture that directs surfers 
to the sites they want to visit. The DNS translates the familiar www Web page 
addresses known as URLs into the numerical Internet Protocol, or IP, codes 
which identify the servers hosting that page. 

Because DNS, like much of the Internet, was built with a relatively open 
architecture, it is possible to fake Internet addresses. Various techniques for 
doing this, known to specialists as DNS "spoofing" or "poisoning," are widely 
used by cyber-criminals. They can con people into believing they are logging on 
to their bank or e-mail accounts, entering personal information or passwords 
that can then be used to rob them. 

The DNS Security Extensions Protocol, or DNSSec, is designed to end such abuse 
by allowing the instantaneous authentication of DNS information -- effectively 
creating a series of digital keys for the system. 

One lingering question -- largely academic until now -- has been who should 
hold the key for the so-called DNS Root Zone, the part of the system that sits 
above the so-called Top Level Domains, like .com and .org. 

The U.S. Department of Homeland Security is funding the development of a 
technical plan for implementing DNSSec, and last October distributed an initial 
draft of it to a long list of international experts for comments. 

The draft lays out a series of options for who could be the holder, or 
"operator," of the Root Zone Key, essentially boiling down to a governmental 
agency or a contractor. 

"Nowhere in the document do we make any proposal about the identity of the Root 
Key Operator," said Maughan, the cyber-security research and development 
manager for Homeland Security. 

Maughan said a new version of the draft specification, incorporating 
suggestions from the experts who reviewed it, would be released later this year 
for public comment. 

"We are still working through some of the process issues" such as how to record 
and respond to all the public comments, he said, adding he hoped the document 
would be released "no later than the end of the summer." 

He said the new version adopts a different nomenclature for the Root Key 
Operator, "to make it clear that a non-governmental organization or non-U.S. 
governmental agency could play the role." 

"We recognize that increasing the security of the Internet requires global 
cooperation," stated a note accompanying the draft technical specification when 
it was circulated last year. 

Nonetheless, at a recent meeting in Lisbon of the Internet Corporation for 
Assigned Names and Numbers, the international non-profit that currently manages 
DNS, there was some concern that the U.S. government might push ahead with 
implementation unilaterally. 

"Our concern is that if unilateral action is taken it could generate friction 
in the operation of the Internet," Bernard Turcotte, president of the Canadian 
Internet Registration Authority, who was at the Lisbon meeting, told UPI. 

Maughan said that while the U.S. government was committed to implementing 
DNSSec this year in the .gov domain, which it owns, that could be done 
independently, regardless of whether the new security system was rolled out 
Internet-wide or not. 

"We can secure .gov and all the zones under .gov (like, or 
even if the Root (Zone) remains unsigned," he said, pointing out that HYPERLINK 
 \\\\nSweden had already implemented a digital key for the Country-Code Top 
Level Domain, .se, which it owned. 

"You can secure islands of DNS ... we can secure our .gov infrastructure. That 
has nothing to do with the Root Zone Key," Maughan said. 

"U.S. government agencies will be among the first to implement DNSSec," said 
Maughan, "This is the U.S. government stepping forward and showing leadership." 

But he added that the U.S. government regards this as only the first step in 
the deployment of DNSSec globally. "It will take a lot more people to get 
involved to get that done," said Maughan, pledging that implementation "as 
directed by the president in the U.S. National Strategy to Secure Cyberspace" 
would go ahead. 

It is that determination that worries some observers. 

"To a large extent the Internet works because it is a collaborative effort," 
said Turcotte. "We want to avoid friction and conflict ... We want to ensure 
that whatever measures are implemented are well coordinated." 

In part, he said, concern stems from the fact that the U.S. government, which 
currently manages and audits the Root Zone through the Department of Commerce 
and the contractor Verisign, is in a strong position to push ahead unilaterally 
-- something that is resented in some quarters. 

"There are some governments that seem upset about that (U.S. role as auditor), 
but there has never been any reason to be. The U.S. government has handled its 
oversight responsibilities very well," he said. 

Nonetheless, one report of the Lisbon meeting on an obscure German news Web 
site -- which was widely circulated on the Internet this month -- accused the 
Department of Homeland Security of having demanded "the master key" to the 

The report led many so-called Netizens -- members of large and long established 
Internet discussion sites like Slashdot -- to question the motives of the U.S. 

Several contributors suggested that possessing the Root Zone Key would make the 
U.S. government the only entity that could "spoof" DNS addresses. 

Maughan dismissed the flap as "silly." 

"The only mention of (the Department of Homeland Security) in the (draft DNSSec 
specification) is on the front cover. Our logo is there because we funded the 
development of it," he said. 

"The Root Key Operator is going to be in a highly trusted position. It's going 
to be a highly trusted entity. The idea that anyone in that position would 
abuse it to spoof addresses is just silly."

© Copyright 2007 United Press International, Inc. All Rights Reserved.

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.463 / Virus Database: 269.5.9/773 - Release Date: 4/22/2007 8:18 PM

[Non-text portions of this message have been removed]

Want to discuss this topic?  Head on over to our discussion list, [EMAIL 
Brooks Isoldi, editor

  Post message:
  Subscribe:    [EMAIL PROTECTED]
  Unsubscribe:  [EMAIL PROTECTED]

*** FAIR USE NOTICE. This message contains copyrighted material whose use has 
not been specifically authorized by the copyright owner. OSINT, as a part of 
The Intelligence Network, is making it available without profit to OSINT 
YahooGroups members who have expressed a prior interest in receiving the 
included information in their efforts to advance the understanding of 
intelligence and law enforcement organizations, their activities, methods, 
techniques, human rights, civil liberties, social justice and other 
intelligence related issues, for non-profit research and educational purposes 
only. We believe that this constitutes a 'fair use' of the copyrighted material 
as provided for in section 107 of the U.S. Copyright Law. If you wish to use 
this copyrighted material for purposes of your own that go beyond 'fair use,' 
you must obtain permission from the copyright owner.
For more information go to: 
Yahoo! Groups Links

<*> To visit your group on the web, go to:

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:[EMAIL PROTECTED] 
    mailto:[EMAIL PROTECTED]

<*> To unsubscribe from this group, send an email to:

<*> Your use of Yahoo! Groups is subject to:

Reply via email to