Please find below an example of UPI's continuing coverage of cyber-security and
the Department of Homeland Security, published earlier this month. I hope you
find it interesting. You may link to it on the Web here:
HYPERLINK
http://www.upi.com/inc/2007/04/12/analysis_owning_the_keys_to_the_internet/print_view/
http://www.upi.com/inc/2007/04/12/analysis_owning_the_keys_to_the_internet/print_view/
Please note that the story remains the copyright property of UPI. If you wish
to publish or archive this article, or get more information about UPI products
and services, please contact me or e-mail [EMAIL PROTECTED]
To stop receiving these alerts, just reply with the word "unsubscribe" in the
subject line.
Shaun Waterman
UPI Homeland and National Security Editor
E-mail: [EMAIL PROTECTED]
Tel: 202 898 8081
Analysis: Owning the keys to the Internet
By SHAUN WATERMAN
UPI Homeland and National Security Editor
WASHINGTON, April 12 (UPI) -- The U.S. government is pressing ahead with plans
to implement a new security regime for the basic architecture of the World Wide
Web, despite unease in some corners of the international Internet management
community.
"This is the U.S. government stepping forward and showing leadership," Douglas
Maughan, an official with the Department of Homand Security Science and
Technology Directorate, told United Press International.
At issue is the long-debated implementation of a new security system governing
the Domain Name System, or DNS, the Internet architecture that directs surfers
to the sites they want to visit. The DNS translates the familiar www Web page
addresses known as URLs into the numerical Internet Protocol, or IP, codes
which identify the servers hosting that page.
Because DNS, like much of the Internet, was built with a relatively open
architecture, it is possible to fake Internet addresses. Various techniques for
doing this, known to specialists as DNS "spoofing" or "poisoning," are widely
used by cyber-criminals. They can con people into believing they are logging on
to their bank or e-mail accounts, entering personal information or passwords
that can then be used to rob them.
The DNS Security Extensions Protocol, or DNSSec, is designed to end such abuse
by allowing the instantaneous authentication of DNS information -- effectively
creating a series of digital keys for the system.
One lingering question -- largely academic until now -- has been who should
hold the key for the so-called DNS Root Zone, the part of the system that sits
above the so-called Top Level Domains, like .com and .org.
The U.S. Department of Homeland Security is funding the development of a
technical plan for implementing DNSSec, and last October distributed an initial
draft of it to a long list of international experts for comments.
The draft lays out a series of options for who could be the holder, or
"operator," of the Root Zone Key, essentially boiling down to a governmental
agency or a contractor.
"Nowhere in the document do we make any proposal about the identity of the Root
Key Operator," said Maughan, the cyber-security research and development
manager for Homeland Security.
Maughan said a new version of the draft specification, incorporating
suggestions from the experts who reviewed it, would be released later this year
for public comment.
"We are still working through some of the process issues" such as how to record
and respond to all the public comments, he said, adding he hoped the document
would be released "no later than the end of the summer."
He said the new version adopts a different nomenclature for the Root Key
Operator, "to make it clear that a non-governmental organization or non-U.S.
governmental agency could play the role."
"We recognize that increasing the security of the Internet requires global
cooperation," stated a note accompanying the draft technical specification when
it was circulated last year.
Nonetheless, at a recent meeting in Lisbon of the Internet Corporation for
Assigned Names and Numbers, the international non-profit that currently manages
DNS, there was some concern that the U.S. government might push ahead with
implementation unilaterally.
"Our concern is that if unilateral action is taken it could generate friction
in the operation of the Internet," Bernard Turcotte, president of the Canadian
Internet Registration Authority, who was at the Lisbon meeting, told UPI.
Maughan said that while the U.S. government was committed to implementing
DNSSec this year in the .gov domain, which it owns, that could be done
independently, regardless of whether the new security system was rolled out
Internet-wide or not.
"We can secure .gov and all the zones under .gov (like dhs.gov, or usdoj.gov)
even if the Root (Zone) remains unsigned," he said, pointing out that HYPERLINK
"http://www.upi.com/Security_Terrorism/Analysis/2007/04/12/analysis_owning_the_keys_to_the_internet/#";
\\\\nSweden had already implemented a digital key for the Country-Code Top
Level Domain, .se, which it owned.
"You can secure islands of DNS ... we can secure our .gov infrastructure. That
has nothing to do with the Root Zone Key," Maughan said.
"U.S. government agencies will be among the first to implement DNSSec," said
Maughan, "This is the U.S. government stepping forward and showing leadership."
But he added that the U.S. government regards this as only the first step in
the deployment of DNSSec globally. "It will take a lot more people to get
involved to get that done," said Maughan, pledging that implementation "as
directed by the president in the U.S. National Strategy to Secure Cyberspace"
would go ahead.
It is that determination that worries some observers.
"To a large extent the Internet works because it is a collaborative effort,"
said Turcotte. "We want to avoid friction and conflict ... We want to ensure
that whatever measures are implemented are well coordinated."
In part, he said, concern stems from the fact that the U.S. government, which
currently manages and audits the Root Zone through the Department of Commerce
and the contractor Verisign, is in a strong position to push ahead unilaterally
-- something that is resented in some quarters.
"There are some governments that seem upset about that (U.S. role as auditor),
but there has never been any reason to be. The U.S. government has handled its
oversight responsibilities very well," he said.
Nonetheless, one report of the Lisbon meeting on an obscure German news Web
site -- which was widely circulated on the Internet this month -- accused the
Department of Homeland Security of having demanded "the master key" to the
Internet.
The report led many so-called Netizens -- members of large and long established
Internet discussion sites like Slashdot -- to question the motives of the U.S.
government.
Several contributors suggested that possessing the Root Zone Key would make the
U.S. government the only entity that could "spoof" DNS addresses.
Maughan dismissed the flap as "silly."
"The only mention of (the Department of Homeland Security) in the (draft DNSSec
specification) is on the front cover. Our logo is there because we funded the
development of it," he said.
"The Root Key Operator is going to be in a highly trusted position. It's going
to be a highly trusted entity. The idea that anyone in that position would
abuse it to spoof addresses is just silly."
© Copyright 2007 United Press International, Inc. All Rights Reserved.
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.463 / Virus Database: 269.5.9/773 - Release Date: 4/22/2007 8:18 PM
[Non-text portions of this message have been removed]
--------------------------
Want to discuss this topic? Head on over to our discussion list, [EMAIL
PROTECTED]
--------------------------
Brooks Isoldi, editor
[EMAIL PROTECTED]
http://www.intellnet.org
Post message: osint@yahoogroups.com
Subscribe: [EMAIL PROTECTED]
Unsubscribe: [EMAIL PROTECTED]
*** FAIR USE NOTICE. This message contains copyrighted material whose use has
not been specifically authorized by the copyright owner. OSINT, as a part of
The Intelligence Network, is making it available without profit to OSINT
YahooGroups members who have expressed a prior interest in receiving the
included information in their efforts to advance the understanding of
intelligence and law enforcement organizations, their activities, methods,
techniques, human rights, civil liberties, social justice and other
intelligence related issues, for non-profit research and educational purposes
only. We believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish to use
this copyrighted material for purposes of your own that go beyond 'fair use,'
you must obtain permission from the copyright owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/osint/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/osint/join
(Yahoo! ID required)
<*> To change settings via email:
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
