Chatham House’s International Security Programme and the DNS Research Federation held a substantive public discussion on Domain Name System on 20th June 2022 inviting various stakeholders in cyber security. The topic of Domain Name System (DNS) has been rarely mentioned as a mainstream discourse among stakeholders despite its multilayered importance. This drives the DNS topic under the radar and necessitates further discussion, research, and debate in the field. Hence, the event itself was titled Under the Radar: Connecting the Dots between the Domain Name System and Today’s Cyber Reality. Hosted by Joyce Hakmeh (Chatham House), the event invited speakers from different backgrounds: Catherine Bauer-Bulst from the European Commission, Drew Bagley from Crowdstrike, Dr Diana Burley from American University, and Emily Taylor, CEO of Oxford Information Labs and Co-Editor of Journal of Cyber Policy.
Not enough Policy Attention
Joyce Hakmeh opened the discussion by mentioning the current state of affairs of the DNS topic: not enough policy attention and not enough information. This brought forth an important question, to what extent policy makers pay attention to the DNS and its related challenges. Catherine Bauer-Bulst stated the EU’s long standing commitment to security and stability of the DNS, especially by overcoming DNS abuses. The EU, according to Bauer-Bulst, have chosen the large definition of DNS abuse that includes a wide range of abuses from infrastructure, technical, to content delivery. This is also intended to include the potential inclusion of different DNS actors in a wider ecosystem to collaborate in overcoming the abuses. The study of European Commission in 2020 on the prevalence abuse of the DNS provided an important note for the European Commission about what the current problems are and, more importantly, what to do next. This includes, according to Bauer-Bulst, the importance of safeguarding the small medium entreprises in Europe from DNS abuses.
Drew Bagley from Crowdstrike raised a point about the link between DNS related cybercrimes and privacy issue. The link is multilayered as it ranges from low level threats of cybercrime, such as DNS squatting, to very sophisticated threats of cybercrime using advanced infrastructure. Recently, the new trend of cyber attacks include the use of legitimate infrastructure with a hosting provider and setting up virtual machines to carry out cyber attacks. The complexity of the DNS related cyber attacks, according to Bagley, has significantly improved from ten years ago. He calls for a more comprehensive and data driven approach policies from stakeholders to address the new trend, complexity, and solution of DNS related cybercrimes.
Expanding the Conversation
Dr Diana Burley also agrees with Bagley on the significance of comprehensive approach in tackling DNS challenges. Burley calls for expanding conversation on the Domain Name System to a wider audience given the low attention of policymakers and academia on DNS challenges. The lack of understanding of the environment and actors on DNS has constrained the policymakers to sufficiently address the issue. According to Burley, the policy-making ecosystem currently has a limited sense of the technical infrastructure and little connection to technical experts on DNS, yet they are tasked to regulate detailed technical issues. This disconnection has hindered the progress on making better DNS policies and solutions that ideally should be up to date with the evolving challenges.
In a similar line, Emily Taylor mentioned that the standards-making and internet governance were set up in the 1990s according to the best thinking of that time. This disconnects internet architecture from the evolving realities of cyberspace. Consequently, this distances the internet architecture from the younger generations. There is also a geopolitical concern to take into account, particularly on multilateralism and multistakeholder internet governance. The necessity to sustain free, open and democratic values in the internet increasingly become an urgent interest for Western countries. The problem of DNS is situated in the centre of it. The fight against current cyber challenges such as network security, cyber crimes, and child abuse requires better attention on DNS.
The discussion was followed by question and answer sessions with some intriguing questions including the potential contradiction between the European Union’s commitment to multilateral cooperation on DNS and European Digital Sovereignty vision. There was also a question about how to engage young people on DNS and internet governance issues.
Connecting the Dots
Overall, the event successfully brings together different perspectives from various stakeholders on DNS and its existing challenges. The speakers come to a consensus on the importance of expanding the discourse and conversation of DNS to a broader audience. The shared interest to overcome current cyber challenges shall drive better and wider cooperation among involving actors by emphasizing multilateralism and multistakeholder approaches. The cooperation on DNS related issues ideally shall connect the dots of actors and issues, without leaving anyone behind.