Re-Thinking ICANN’s At Large community

Guest post by Ayden Férdeline (@ferdeline)

It’s a simple message: the At-Large Advisory Committee isn’t fit for purpose. That’s the conclusion that external consultants ITEMS International have drawn in their draft report, now out for public comment, on the review of the ICANN At-Large community.

The 90-page report draws on face-to-face interviews with over 100 ICANN staff and community members and the results from a multilingual, global survey to conclude that At-Large is “excessively focused on internal, procedural matters” and is “perceived to be run by an unchanging group of individuals … who have struggled to make end-user input into policy advice processes a reality.”

The report is less an explosive exposé and more a call to action – and some of the actions it calls for could make the problems it identifies worse.

Continue reading

Of Fancy Bears and Men: Attribution in Cybersecurity

Guest Blog Post by Carter Yagemann, Cybersecurity Researcher and Graduate Student at  The Institute for Information Security & Privacy (IISP), Georgia Tech.

A few weeks ago I had the privilege of attending the RSA conference as an RSAC Security Scholar. It was my first time attending the conference, and the presentations of leading industry security experts made it an event worth attending.

Although the highlights of the event were the discussions on securing the internet of things (IoT) and government’s role in regulating security, I want to tease out another topic that may have been overlooked due to its technical nature: cyber-attack attribution. We’ve seen this topic gain significant attention in the media due to the allegations by the United States that the Russian government sponsored the hacking of the Democratic National Committee. In light of this event, it seems highly appropriate that two researchers from the Russian company Kaspersky Lab gave an RSAC talk on the false flags used by cyber-attackers to mislead researchers attempting to perform attribution. Their points are worth discussing in a more general context because we must understand the credibility and limitations of this kind of forensics if we are to respond intelligently to such serious allegations.

Continue reading