Written evidence submitted by Nominet UK (Malware 18)
INTRODUCTION
1. Nominet is the registry for the .uk country
code top-level domain (ccTLD). With over nine million registered
domain names, we are the second largest country-code top-level
domain. We are a SME with a turnover of around £21 million
and employing about 120 people.
RESOURCES COMMITTED TO COMBATING MALWARE
2. We do not keep separate records of our expenditure
to address malware: this is considered as an integral part of
our standard operating costs.
3. As an infrastructure company, we size our
systems to respond to possible attacks. We operate our DNS systems
with an oversized infrastructure in order to respond to threats
such as Denial of Service attacks. We share information with other
leading actors in the domain name industry to identify threats
and development of attack strategies.
4. The domain name industry has a good track
record in working together on sharing best practice and information
about risks. In addition to ad-hoc cooperation and specialist
associations, the main mechanisms for this are:
(a) ICANN (the Internet Corporation for Assigned
Names and Numbers, a US-based not-for-profit public-benefit corporation
established to help coordinate the Internet's naming system).
We are actively involved in the technical coordination work and
a senior staff member is on the Security and Stability Advisory
Committee; and
(b) CENTR (the European registry managers association
with 50 Full Members, 10 Associate Members and 12 organisations
granted observer status) brings together a global partnership
of registry operators: Full and Associate members of CENTR represent
around 80% of total global ccTLD domain name registrations, and
VeriSign, PIR and Afilias, which operate .com, .net, .org and
.info, are also Associated Members. The organisation provides
an excellent framework for sharing information, for highlighting
best practice, and for identifying trends and developments.
5. Nominet is also playing a leading role in
researching and deploying defences against future threats to the
security of the internet. One area of considerable activity over
the last eighteen months has been the deployment of DNSSEC (DNS
Security Extensions). DNSSEC protects against forged DNS data
(for example, from DNS cache poisoning) by providing digitally
signed records. We have signed .uk and .co.uk. We work at the
forefront of DNS monitoring and are developing tools that identify
threats such as botnet, spam and denial-of-service attacks.
6. We have worked with other organisations to
respond to cyber-crime attacks, in particular where this has involved
the use of the domain name system to deliver botnet instructions.
This was the case with the Conficker worm where there was a major
international mobilisation in response to the threat.
7. While we are not a member of a CERT (Computer
Emergency Response Team), Nominet does provide a 24/7 CERT-type
function and we do cooperate with other leading players in network
and information security. We have a dialogue with CPNI and OCSIA
which would allow us to be included in any national emergency
planning or exercises. We were involved in the last (US-led) Cyber
Storm exercise.
8. We have a significant research effort into
ways of assessing "bad traffic" on the Internet and,
in particular, looking for patterns showing abnormal behaviour.
We are currently spending approx £0.5 million annually on
such proactive research.
9. In summary, this work is integrated into our
business and it is impossible to identify actual malware-related
costs. However, the costs are a significant proportion of our
total turnover.
COORDINATION OF EFFORTS
10. As will be seen above, Nominet is well networked
with other businesses, government agencies and international organisations.
We are a membership organisation and most of the UK's communications
infrastructure companies (and all of the largest ones) are Nominet
members.
11. This cooperation is important in a sector
as rapidly changing as the Internet. The international nature
of communications also makes it important to network across borders
with trusted interlocutors, hence why we devote considerable
effort to working with international partners.
12. Increased government involvement with trusted
parties involved in network and information security, in
particular in sharing information, would be welcome. Such
involvement is best through cooperation and partnership. The speed
of innovation, the transnational nature of the Internet and the
number of organisations involved in assuring the successful operation
of what was designed as a distributed network requires a cooperative,
rather than a centrally coordinated, approach. This was recognised
in the conclusions of the World Summit on the Information Society
in 2005 and led to the implementation by the United Nations of
the multi-stakeholder partnership approach of the Internet Governance
Forum.
13. One area where the government could help
is in promoting the development of a national CERT, providing
a framework for improved cooperation. Any such body should have
as a key role to develop networks both nationally and internationally.
14. The analogy with human disease is not a helpful
one: the government can certainly help address issues by improved
education and awareness, but even in this area a multi-channel
approach is likely to give better results. As we have discovered
in the five years of the Nominet Internet Awards, many organisations
are active in working with different community groups.
15. Government funding for academic research
will continue to be important. Government can also show the lead
in adopting best practice and in being an early adopter for security
enhancements. However, the significant role is for the government
to work in cooperation and partnership with other key players.
7 September 2011