Cybersecurity Act Seeks to Regulate Domain Names

Published July 1, 2009

The Cybersecurity Act of 2009, a bill currently winding its way through Congress, would grant stricter federal oversight of the Internet Corporation for Assigned Names and Numbers (ICANN), which allots Internet domain names and Web site addresses.

The sponsors of the bill (S 773), Sens. John D. Rockefeller (D-WV) and Olympia Snowe (R-ME), claim their proposal is necessary to prevent what they call unacceptable vulnerability to cybercrime, espionage, and attacks that could cripple critical infrastructure.

The bill provides that within three years of its enactment the National Telecommunications and Information Administration (NTIA) would be required to develop a strategy to implement a secure domain addressing system for federal agencies and for private-sector networks deemed critical by the president of the United States.

Private-Sector Solution

ICANN is an international organization established in 1998 by the U.S. Department of Commerce for the very purpose of privatizing domain name administration.

“From ICANN’s very beginning, everyone, particularly the U.S. government, expressed a willingness to recognize a new, not-for-profit corporation formed by private-sector Internet stakeholders to administer policy for the Internet name and address system,” said Brad White, ICANN’s director of media affairs.

White said the government at the time envisioned a transition process that would facilitate ending the U.S. government’s role in the Internet number and name address system in a manner that ensured the stability of the Internet.

Bill Reverses Course

The Cybersecurity Act of 2009 would reverse the planned government withdrawal from the domain name process and give it control over ICANN’s Internet Assigned Numbers Authority, responsible for global coordination of the DNS root, IP addressing, and other Internet protocols.

“Typically when people advocate a degree of ‘greater control’ over ICANN, be it by a government or anyone else, it is often because they don’t understand how ICANN functions, how unique its bottom-up structure is, and how effective it has been in coordinating a global Internet address system,” said White.

New Law Unnecessary

The National Institute of Standards and Technology already is moving to secure the domains of federal agencies while ICANN safely handles private-sector domains worldwide with U.S. Commerce Department oversight.

“ICANN has not failed,” said Clifford Neuman, director of the Center for Computer Systems Security, Information Sciences Institute at the University of Southern California. “We have a system called the Domain Name Security System. The problem is people are not deploying it. ICANN is not in a position to force everyone to change.”

Bottom-up Success

White emphasizes ICANN’s bottom-up structure has worked well on an international scale.

“It is fundamental in giving all members of the Internet community a voice and preserving the vibrancy of the Internet,” White said. “Most organizations institute policy formed by the board. ICANN has successfully demonstrated how policy can be formed by multiple stakeholders.

“In short, it is inclusive, democratic, and fundamental in allowing the development of a free-market-driven Internet,” White said.

Brien Farley ([email protected]) writes from Genesee, Wisconsin.