Response to ccTLD training programs to improve Internet security and stability

[Patrick Jones <patrick.jones@xxxxxxxxx>]

Steve,

Thanks for your comment and questions on the growing demand for technical 
training 
(http://forum.icann.org/lists/comments-ssr-fy14-06mar13/msg00010.html). 
Building from yours and Steve Huter's comments, here are some thoughts 
collected from John, Dave, Jeff, and myself.

There will always be some number of TLD managers with training needs. The focus 
on ccTLDs came about in 2003-2004 due to a clear need to train (some) TLDs in 
basic DNS operations.
Today that has morphed into trainings that focus less on basics for ccTLD 
operators and more on security (attack, contingency response, threat 
mitigation, DNSSEC) and monitoring. This came about through constant 
interaction with the community. The feedback loop is critical to ensuring we 
understand the needs and wishes of operators.

While the number of ccTLDs now is known and relatively constant, the TLD space 
in general is about to get bigger. We assume the new operators will not have 
the same needs as existing operators (but that's an assumption). Although Steve 
Huter's comment was focused on the ccTLD space, the Security team is seeing 
training a growing number of requests from law enforcement, regional 
organizations, governments, business groups and universities. Part of the 
answer to your question is that we are not likely to cover the field for 
training in the near future, and we do continue to deliver training to ccTLDs 
as part of an expanding training offering. We continue to seek ways to assist 
LE and are working in collaboration with Europol, Interpol, APWG and others to 
more effectively deliver training at regional events. ICANN's engagement plays 
an important part in the ecosystem by supporting and supplementing the work of 
others like NSRC.

We are grateful for the support of folks like NSRC who have been amazing 
partners in helping train hundreds of ccTLD (and other) people over the years. 
Although it is sometimes hard to measure the effect of such training, we firmly 
believe that this work has played a large part in improving the operational 
standards of the ccTLD community, and contributed to the ecosystem as a whole. 
It has also been critical in helping build community and trust with ccTLD 
operators on an operational level which is invaluable when issues arise which 
require trusted collaboration (responding to threats against TLDs, actual 
attacks etc.).

That said, we still have a long way to go in easing security awareness and 
practices. The hard part is identifying and reaching those who most need 
training. If we look at recent attacks against ccTLDs we can see that it is 
often (not always) the smaller TLD who is not actively participating in the 
community that is affected.

We don't have a magical answer for this dilemma.

John notes "I will occasionally think back to 2003 when a bunch of us got 
together and decided to start this journey. We knew we were in for the long 
haul. We chose to aim directly at the most operationally vulnerable and with a 
concerted, and expensive, effort we proactively went after "low hanging fruit". 
Maybe it's time to pull together that or a similar group together and see if 
there is a will to now start something similar aimed towards security needs?

If we were to do this today we could include some major brands. However I worry 
about that actually making the approach less affective. I would want people 
like Steve Huter to help ensure that we focused on results for the TLDs, which 
helps the system, and not on corporate needs."

In the near term, it is possible to provide a list of operators who have been 
through training. The Security team can show how many trainings we do per year 
(on our own and in partnership with others).

Security is also looking to add staff to better meet the requests from 
operators, law enforcement, regional organizations and others in the community 
for technical training and engagement (this is described in the FY 14 SSR 
Framework). We anticipate these requests will grow, as the regional strategies 
from the African, Asia-Pacific, Latin American and Caribbean, and Middle East 
communities all contain strategic focus areas for security and stability.

Other challenges for us are worth noting:

We are increasingly being asked for very specialized training. The conundrum we 
face is that unlike basic training, a small number of individuals can produce 
these training materials and credibly deliver them; moreover, training of this 
kind evolves quickly over time and even "training trainers" requires greater 
effort. The LE folks in particular want to learn practical aspects, acquired 
knowledge not rote knowledge.

Let's continue this discussion and I hope others weigh in as well.

Patrick (with input from Dave Piscitello, John Crain, Jeff Moss)

--
Patrick L. Jones
Senior Director, Security
Internet Corporation for Assigned Names & Numbers
1101 New York Avenue, NW, Suite 930
Washington, DC 20005
Tel: +1-202-570-7115
patrick.jones@xxxxxxxxx
patrickjones.tel