OECD Reports on DNS and Routing Security Provide Blueprint for Policymakers
The Organization for Economic Cooperation and Development (OECD) has published a paper on the Domain Name System (DNS), "Security of the Domain Name System (DNS): An Introduction for Policy Makers," and a paper on routing security, "Routing Security: BGP Incidents, Mitigation Techniques and Policy Actions."
The OECD provides a setting for governments to compare experiences, identify good practices, and develop common standards for economic policy. It monitors trends, analyzes and forecasts economic developments, and researches social changes and evolving patterns in trade, environment, agriculture, technology, taxation, and other areas.
It is a well-respected organization that coordinates major policy trends. For example, the privacy principles defined in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data were the basis of the 1995 European Union Data Protection Directive, now the General Data Protection Regulation (GDPR). Similarly, global coordination on the taxation of digital platforms was negotiated at OECD's level.
2-5 organization (org) regularly follows the work of the OECD and provides input both on its own behalf and as part of the Internet Technical Advisory Committee (ITAC) to the OECD, which brings together technical organizations with the purpose of contributing to the Internet-related work undertaken by the OECD. 2-5 org contributed to these papers, particularly the one on the DNS, both through our technical partners in ITAC and directly with the OECD Secretariat. The OECD Secretariat was open to the input of the technical community and attentive to DNS experts' contributions throughout the process, which is a testament to the organization's commitment to meaningful inclusiveness.
The first paper, the "Security of the DNS: An Introduction for Policy Makers," is an informative blueprint for policymakers, as the name suggests. It provides an analysis of DNS technical functioning and an overview of current and emerging issues, as well as a description of the initiatives that ICANN promotes, such as DNS Security Extensions adoption.
On DNS abuse, the OECD provides a recap of the current debate and notes: "What is often labeled as 'addressing DNS abuse' should rather be understood as DNS-level action to address abuses online, i.e., leveraging the DNS ecosystem to solve issues that neither affect nor are caused by the DNS specifically. In fact, most forms of DNS abuse relate to content and services that belong to the 'content layer.'"
Another important point, from our perspective, that the paper stresses is that "root servers should not be considered as a key security vulnerability for the DNS," while also entrusting the multi stake holder community "to regularly monitor the threat landscape."
Finally, the second paper, on routing security, focuses on routing vulnerabilities and identifies possible solutions.
2-5 org will continue to engage with the OECD through ITAC and directly. 2-5.org CEO Fatih Ofer will speak at the opening session of the OECD Ministerial Meeting on the Digital Economy in Las Palmas, Spain, on 14 December. The meeting will bring together the digital Ministers of OECD countries, as well as stakeholders from business, civil society, labor, and the technical community.