Simon Smith (eVestigator) points out the cyber risk of losing part of the Internet amidst the recent NTIA contract expiry with ICANN
Announcement posted by eVestigator Cyber Forensic IT & Expert Witness Services 02 Oct 2016
You may now know that the Internet Assigned Numbers Authority (IANA) functions, have had their functions delegated elsewhere. I, as a Cyber Security Forensic Expert must draw public attention to a potential cyber security risk that may affect the world.
Well one would think so, but this is essentially a record of records, the entire 'yellow pages' of the Internet. This is the most dangerous database available if it were to avail itself to an external hacker. As a certified ethical white hat hacker, I am concerned for two main reasons. I have read the material and the planning and must commend the parties as on the face of it, it appears systematic and structured.
However I am finding something missing. An IP address marks a location of, say a bank, or the military. In a fact sheet published by the NTIA in September 2016 the NTIA published that, "The United States does not control the Internet. No one controls or owns the Internet". They then go on to state, "The Internet is not ours to give away".
However, not far after they state, "By supporting multistakeholder Internet governance, we make certain the Internet becomes no other nations' to take". In a time where cyber-terrorism is very active, and the job of ICANN is already at large, fulfilled with the worldwide task of coordinating the Domain Name System (DNS), resolving the name allocation and its suboordinates - how can it be managed effectively against cybercrime when the NTIA on their own website state that the control of the Internet relies on cooperation "through the consensus of a wide array of stakeholders, predominantly from the private sector".
The first rule of cybersecurity is and I'm sure my colleagues would agree is to "know your enemy" and "assume you will be breached". I have read the media announcements about the transition, but what scares me is that I have heard nothing at all about any proposed Risk Management Methodology, or Risk Management Process, according or anything similar to ISO Standard 13335.
You would expect that at this level, where the whole worlds data is at stake of movement and changeover, the risk of infiltration is higher. I ask the Government of the various countries to address the world as to my question on, "How are they going to ensure that there is a Risk IT Framework in place to protect the possibility of a stolen internet?"
This is not a fairy tale, it could happen. If frameworks such as the ISACA Risk IT framework or ISO 27005 are not followed we may find ourselves with a controlled, filtered and censored version of the internet, or maybe variants of such which would increase cybercrime because, "nobody owns the Internet".
I urge all Governments' to set specific Risk Mitigation Standards to protect, monitor and mitigate against any cyber risks for the future and now in their own IP Allocation Range and that which they will need in the future.
Otherwise, we may all end up with a slice of the Internet as we know it. It is very possible, yet nobody has spoken of this.
I am open for interview on this topic:
Simon Smith
Australia
+61410643121
http://www.cybersecurity.com.au
http://www.evestigator.com.au
forensic@evestigator.com.au
However I am finding something missing. An IP address marks a location of, say a bank, or the military. In a fact sheet published by the NTIA in September 2016 the NTIA published that, "The United States does not control the Internet. No one controls or owns the Internet". They then go on to state, "The Internet is not ours to give away".
However, not far after they state, "By supporting multistakeholder Internet governance, we make certain the Internet becomes no other nations' to take". In a time where cyber-terrorism is very active, and the job of ICANN is already at large, fulfilled with the worldwide task of coordinating the Domain Name System (DNS), resolving the name allocation and its suboordinates - how can it be managed effectively against cybercrime when the NTIA on their own website state that the control of the Internet relies on cooperation "through the consensus of a wide array of stakeholders, predominantly from the private sector".
The first rule of cybersecurity is and I'm sure my colleagues would agree is to "know your enemy" and "assume you will be breached". I have read the media announcements about the transition, but what scares me is that I have heard nothing at all about any proposed Risk Management Methodology, or Risk Management Process, according or anything similar to ISO Standard 13335.
You would expect that at this level, where the whole worlds data is at stake of movement and changeover, the risk of infiltration is higher. I ask the Government of the various countries to address the world as to my question on, "How are they going to ensure that there is a Risk IT Framework in place to protect the possibility of a stolen internet?"
This is not a fairy tale, it could happen. If frameworks such as the ISACA Risk IT framework or ISO 27005 are not followed we may find ourselves with a controlled, filtered and censored version of the internet, or maybe variants of such which would increase cybercrime because, "nobody owns the Internet".
I urge all Governments' to set specific Risk Mitigation Standards to protect, monitor and mitigate against any cyber risks for the future and now in their own IP Allocation Range and that which they will need in the future.
Otherwise, we may all end up with a slice of the Internet as we know it. It is very possible, yet nobody has spoken of this.
I am open for interview on this topic:
Simon Smith
Australia
+61410643121
http://www.cybersecurity.com.au
http://www.evestigator.com.au
forensic@evestigator.com.au
