Domainmonster.com Industry News


15-Apr-2007

ICANN Security Standards

Susan Crawford, an ICANN board member, has recently criticised the security standards at the DHS (Department of Homeland Security). There have been various allegations that the DHS wants the security keys for encryption of DNSSEC to be handed over to ICANN very slowly.

Crawford says the DHS is unprepared for the future and noted ICANN’s security concern at a recent conference. A repeat of the DDoS (Distributed Denial of Service) strike on six root servers in February could be powerful enough to cause a massive virtual blackout.

The security keys are not actually in use yet. Responding to a massive DDoS attack would be a different matter for the DHS.

Crawford explains the DHS has a long way to go. "From the outside, it looks as if [DHS] doesn't really know what it's doing." They're trying, but many of their efforts lack timeframes for completion. Other problems (including a high turnover rate among senior officials at DHS) have had an impact, although there seems to generally be a failure of imagination at the agency. She has been advocating creation of a new internet governance group to resolve the problem.

"All of the internet governance models we have right now have strengths and weaknesses. For responses to problems like DDoS attacks, we'd need a forum for discussion that has (1) the non-mandatory merit-based processes of IETF, including real industry involvement leading to substantial market pressure, (2) the globalness of IGF, (3) the agility of a private group, and (4) the clear voice of leadership that can be provided by government involvement. And we'd need to avoid the problems that all of these fora have. To prevent future attacks, we'll need to prevent machines from being turned into zombies that can be directed at targets. That's a big task that requires coordination among many hardware manufacturers and operating system designers. It can't be mandatory, this coordination, because that won't necessarily lead to the right set of solutions -- but it can be agile, global, and well-led."

Greg Garcia (formerly vice president at the Information Technology Association of America) is now cyber-security czar at DHS, meaning the time could be right for a change in direction at the agency. Crawford held out more hope for a new group to take control. A new entity with a new, friendly acronym. None of the existing institutions will work.

ICANN seems an unlikely agent for the job due to fear of confrontation and disinterest in policing cyberspace (even in a hugely technical sphere cutting to the core of ICANN’s mission, to protect integrity and stability). She wants a multi-stakeholder entity (not the current ICANN).