Sunday, June 28, 2009

Ex-DHS Cyber Chief Tapped as President of ICANN ((Wahington Post: Security Fix)

Ex-DHS Cyber Chief Tapped as President of ICANN


http://voices.washingtonpost.com/securityfix/2009/06/ex-dhs_cyber_chief_tapped_as_p.html?wprss=securityfix


Former Department of Homeland Security cyber chief Rod A. Beckstrom has been tapped to be the new president of the Internet Corporation for Assigned Names and Numbers (ICANN), the California based non-profit, which oversees the Internet's address system.

beckstrom.JPG

Most recently, Beckstrom was director of the National Cyber Security Center -- an organization created to coordinate security efforts across the intelligence community. Beckstromresigned that post in March, citing a lack of funding and authority.

Beckstrom joins ICANN as the Internet governance body faces some of the most complex and contentious proposed changes to the Internet's addressing system in the organization's entire 11-year history. For example:

-- The United States is under considerable pressure to give up control over ICANN and turn it over to international supervision and management. ICANN currently operates under a Joint Project Agreement with the U.S. government, but that agreement is due to expire at the end of September.

-- Currently, there are 21 so-called "generic top-level domains," such as dot-com, dot-net, dot-biz, and dot-org. Under pressure from domain speculators and many businesses, ICANN is in now in the process of radically expanding the number of new gTLDs to include potentially hundreds more, to include things like brand names (e.g., dot-nike or dot-google), places (.e.g., dot-berlin or dot-ohio), or even sports franchises (e.g., dot-yankees). Intellectual property rights lawyers and some business groups have opposed expanding the number of gTLDs without first putting in place a system for addressing disputes over domains that could violate trademark rights.

-- ICANN is moving to implement so-called "internationalized domain names," which will allow the creation and display of domain names written in different alphabets and languages, such as domains featuring Chinese and Russian characters. IDNs are hardly controversial, but they do hold the potential to give scam artists like phishers a whole new way to trick people into visiting scam sites. Consider, for example, that the Cyrillic "a" and the Latin "a" may look alike to humans, but they are interpreted differently by machines. As a result a domain name registered by fraudsters that includes a mix of Cyrillic and Latin letters might look like a familiar brand when presented in a Web link, but lead to a counterfeit version of that brand's Web site designed to steal customer data.

Beckstrom was voted president of ICANN at the group's meeting in Sydney, Australia this week. On Thursday, I had the opportunity to speak via phone with Beckstrom about why he wanted this job, and what he hopes to do with it. Here are some excerpts from that interview:

BK: Congratulations on being picked.

Beckstrom: Thank you. You know, it's funny...I just got an e-mail from a friend who said he thought it would be hard to imagine me finding a more difficult job than running the NCSC [at DHS], but congratulating me on finding something even more impossible than that job [laughs].

BK: Yes. ICANN has a reputation for being difficult to manage and come to a consensus on even seemingly simple issues. Some people have likened it to herding cats. What made you want this job in the first place?

Beckstrom: Well, I've herded cats for a lot of my career. In fact, for 14 years, I ran CATS Software Inc., which had 35 Ph.Ds on the staff and two Nobel Prize winners on the board of directors, and let me tell you having that much brainpower in the shop is seriously like herding cats. So, maybe I have some experience there.

BK: What is your impression of ICANN and this process as you've watched the various communities coalesce down there for this week's meeting?

Beckstrom: I'm a bit overwhelmed by the tremendous complexity of issues on the table. This is perhaps the most complex, multi-stakeholder environment I've ever seen. So I have a great appreciation for that and a fascination with that, but I certainly wouldn't even claim to have a firm grasp on all of this yet. And that's one of the things I'll need to be learning as I grow into this role.

BK: Are there parallels between what you were doing at NCSC and this job?

Beckstrom: The NCSC was focused on developing good collaboration between very disparate parts of the U.S. government, and in terms of getting that human collaboration going, I feel we achieved some success there. At ICANN, there are some similar challenges: We have some very, very passionate stakeholder groups with very different interests. So, as a starfish guy this is kind of appealing.

[With the "starfish" reference, Beckstrom was making a clever plug for the book he co-authored in 2006, called "The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations." In it, Beckstrom and co-author Ori Brafman use the two creatures to illustrate their argument that decentralized organizations -- whether in the marketplace or the battlefield -- are more nimble, creative and resilient than those that operate in a rigid, top-down fashion.]

BK: What will be your top priorities as president of ICANN?

Beckstrom: The first step is to get to know the different communities involved, and after that to start understanding them. Then, I hope to be an effective agent or catalyst in assisting those portions of the communities that would like my involvement.

BK: As I'm sure you're aware, ICANN's decision to move forward on hundreds of new gTLDs has ruffled some feathers, particularly in the business and intellectual property communities. Critics of the current process say it's moving forward too quickly and that the new gTLDs are merely going to create a myriad of costly, legal headaches for brand owners, who will be forced to go out and register variations of their brand name in hundreds of new gTLDs to protect their brands. Are their concerns valid, and are they being addressed well enough?

Beckstrom: Having just spent the week here, I can tell you one of the prominent topics of debate were the intellectual property questions, with various parties proposing solutions. There are still different thoughts in the community: On the one hand, ICANN is receiving a lot of pressure from many companies around the world who want new gTLDs...who want them opened up and available. And others want reasonable mechanisms for some intellectual property review and process.

So, ICANN's role is to try to play a balancing role. ICANN doesn't have a firm position on what the solution is. ICANN is simply asking the global community of IP attorneys and others to develop the best possible solutions they can which can actually be implemented. But one of the solutions is not avoiding the gTLDs, because there's tremendous demand from all over the world to have those, and the number of companies who are opposing them appear to be a minority compared to those who think they should be out there and present.

BK: How would you like to see ICANN evolve over the next few years?

Beckstrom: I don't have any fixed opinions on that. What I hope ICANN will continue to do is to protect the globally unified, free, and open Internet. The Internet continues working as long as ICANN continues its support for the core address and naming functions. ICANN has done a superlative job of that often hidden and unappreciated function, which is vital.

BK: It is becoming clear that a large percentage of domains associated with cyber crime are in fact issued by domain registrars authorized to issue Web site names within so-called country code top-level domains (ccTLDs), such as the dot-cn ccTLD, maintained by China. Obviously, ccTLDs are administered by sovereign nations -- and therefore largely outside the governance of ICANN. But the international community's approach to tackling global malware outbreaks like the Conficker Worm, showed that more cooperation and collaboration is needed by ccTLDs if we are to get a hold on the cyber crime problem. What additional role does ICANN have to play here?

Beckstrom: National governments have a tremendous say about what occurs within their borders, and that's the reality of the world. But we're really pleased that we do have a Government Advisory Council with formal official delegates from 83 different countries. That's one of our most precious stakeholder groups that I know the board of ICANN listens to carefully. And the range of issues that are brought before that important group are likely to increase over time.

But, clearly a growing part of the community is increasingly concerned about security, and Conficker is a great example of a focused way in which ICANN can collaborate with the other community members and add value to solving a critical and timely problem. And I'd like to see a lot more of that to help build the organization so that it can be more effective in doing that knid of thing on many different fronts.

By Brian Krebs | June 26, 2009; 7:30 AM ET

No comments: