NSA, ICANN Cyber Officials Share Praise of DNSSec, Clash over Authentication
SAN JOSE, Calif. -- Cybersecurity officials from the National Security Agency and ICANN agreed Wednesday that infrastructure measures such as using the DNSSec specifications are the most efficient ways to protect government and other networks. But they disagreed sharply at the Military Communications Conference over the benefits of introducing strong authentication.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
"The most successful security measures have been infrastructural rather than voluntary,” said Whitfield Diffie, ICANN vice president of information security and cryptography. He said fiber wasn’t introduced to protect networks, but it has probably helped more than all the highly publicized work of cryptographers like him. The rollout of DNSSec, short for Domain Name System Security Extensions, will be slow, Diffie said, estimating it at three to five years. But that’s actually good, because the pitfalls can be detected and fixed along the way, he said. The technology will greatly reduce spam and increase confidence that a site belongs to whomever it seems to, Diffie said.
Neal Ziring, technical director of the NSA’s Information Assurance Directorate, agreed that infrastructure measures such as DNSSec are valuable in setting broad adoption of cybersecurity. He said Comcast’s adoption of the security extensions reflects the business interest of all ISPs and large organizations to follow suit. “A cleaner customer base is a more profitable customer base,” Ziring said, and the same logic goes for protecting the systems used by employees.
But when Ziring said the single biggest help in protecting the .gov domain would “to finally roll out authenticated identifiers for people and devices,” as the NSA has nearly completed doing, Diffie objected. “I'm not sure that’s what I would do,” he said.
The Internet wouldn’t have become the “great cultural and economic force” it is if strong authentication had been built in from the start, Diffie said. The “diversity of authority” in cyberspace is one of its great strengths “as well as a great problem for us at ICANN,” he said. Changing it would “diminish the Internet immeasurably,” Diffie said.
Allowing telework and disability access to federal systems presents challenges in securing them, said Roberta Stempfley, director of the Homeland Security Department’s National Cyber Security Division. Her agency is trying to help duplicate throughout the government the successes of the NSA and the State Department in integrating IT and cybersecurity activities internally, she said.