Malware and cyber crime - Science and Technology Committee Contents

Written evidence submitted by Nominet UK (Malware 18)


1.  Nominet is the registry for the .uk country code top-level domain (ccTLD). With over nine million registered domain names, we are the second largest country-code top-level domain. We are a SME with a turnover of around £21 million and employing about 120 people.


2.  We do not keep separate records of our expenditure to address malware: this is considered as an integral part of our standard operating costs.

3.  As an infrastructure company, we size our systems to respond to possible attacks. We operate our DNS systems with an oversized infrastructure in order to respond to threats such as Denial of Service attacks. We share information with other leading actors in the domain name industry to identify threats and development of attack strategies.

4.  The domain name industry has a good track record in working together on sharing best practice and information about risks. In addition to ad-hoc cooperation and specialist associations, the main mechanisms for this are:

(a)  ICANN (the Internet Corporation for Assigned Names and Numbers, a US-based not-for-profit public-benefit corporation established to help coordinate the Internet's naming system). We are actively involved in the technical coordination work and a senior staff member is on the Security and Stability Advisory Committee; and

(b)  CENTR (the European registry managers association with 50 Full Members, 10 Associate Members and 12 organisations granted observer status) brings together a global partnership of registry operators: Full and Associate members of CENTR represent around 80% of total global ccTLD domain name registrations, and VeriSign, PIR and Afilias, which operate .com, .net, .org and .info, are also Associated Members. The organisation provides an excellent framework for sharing information, for highlighting best practice, and for identifying trends and developments.

5.  Nominet is also playing a leading role in researching and deploying defences against future threats to the security of the internet. One area of considerable activity over the last eighteen months has been the deployment of DNSSEC (DNS Security Extensions). DNSSEC protects against forged DNS data (for example, from DNS cache poisoning) by providing digitally signed records. We have signed .uk and We work at the forefront of DNS monitoring and are developing tools that identify threats such as botnet, spam and denial-of-service attacks.

6.  We have worked with other organisations to respond to cyber-crime attacks, in particular where this has involved the use of the domain name system to deliver botnet instructions. This was the case with the Conficker worm where there was a major international mobilisation in response to the threat.

7.  While we are not a member of a CERT (Computer Emergency Response Team), Nominet does provide a 24/7 CERT-type function and we do cooperate with other leading players in network and information security. We have a dialogue with CPNI and OCSIA which would allow us to be included in any national emergency planning or exercises. We were involved in the last (US-led) Cyber Storm exercise.

8.  We have a significant research effort into ways of assessing "bad traffic" on the Internet and, in particular, looking for patterns showing abnormal behaviour. We are currently spending approx £0.5 million annually on such proactive research.

9.  In summary, this work is integrated into our business and it is impossible to identify actual malware-related costs. However, the costs are a significant proportion of our total turnover.


10.  As will be seen above, Nominet is well networked with other businesses, government agencies and international organisations. We are a membership organisation and most of the UK's communications infrastructure companies (and all of the largest ones) are Nominet members.

11.  This cooperation is important in a sector as rapidly changing as the Internet. The international nature of communications also makes it important to network across borders with trusted interlocutors—hence why we devote considerable effort to working with international partners.

12.  Increased government involvement with trusted parties involved in network and information security—in particular in sharing information—would be welcome. Such involvement is best through cooperation and partnership. The speed of innovation, the transnational nature of the Internet and the number of organisations involved in assuring the successful operation of what was designed as a distributed network requires a cooperative, rather than a centrally coordinated, approach. This was recognised in the conclusions of the World Summit on the Information Society in 2005 and led to the implementation by the United Nations of the multi-stakeholder partnership approach of the Internet Governance Forum.

13.  One area where the government could help is in promoting the development of a national CERT, providing a framework for improved cooperation. Any such body should have as a key role to develop networks both nationally and internationally.

14.  The analogy with human disease is not a helpful one: the government can certainly help address issues by improved education and awareness, but even in this area a multi-channel approach is likely to give better results. As we have discovered in the five years of the Nominet Internet Awards, many organisations are active in working with different community groups.

15.  Government funding for academic research will continue to be important. Government can also show the lead in adopting best practice and in being an early adopter for security enhancements. However, the significant role is for the government to work in cooperation and partnership with other key players.

7 September 2011

previous page contents

© Parliamentary copyright 2012
Prepared 2 February 2012