Disinformation and the 2020 Election
Dave Piscitello was again a guest on the Unsung Cyber Hero Adventure TV Network for an episode entitled
The 2020 Election & Disinformation: Is Our Democracy Under Attack!.
Appearing with Dave was fellow cyber investigator, John Bambenek, who is a visiting lecturer at University of Illinois. Also appearing was Llewelyn King,
the Co-creator and host of the PBS Show, The White House Chronicles. Host Gary Berman focused the discussion on a range of interrelated topics.
Ransomware Exposed on Unsung Cyber Hero Adventures TV Network
Interisle principal Dave Piscitello and fellow guest Christiaan Beek of McAfee share experiences dealing with ransomware and related cybercrime during this
Unsung Cyber Hero Adventures TV episode.
Dave and Christiaan explain what ransomware is, how it's delivered, which sectors are the MOST vulnerable to ransomware and why, and how individuals, small businesses and large organizations
should contend with it. They also share how cyber criminals are leveraging Covid-19 to deploy ransomware and answer the thorny question, “should a victim pay the ransom?”
Internet Infrastructure Coalition responds to Interisle's domain registration data report
On April 28 the Internet Infrastructure Coalition (i2Coalition) published
comments on the Interisle Report
“Domain Registration Data at a Crossroads.” The Coalition “objects to the flawed conclusions drawn by”
the report and charges that it “establishes a false framework as the basis from which it assesses registrars.” They conclude that “[t]he report reads more like
the promotion of specific agendas, including on policy development work in the context of the ICANN EPDP, rather than solutions.”
Interisle stands by its report and will entertain and review any data or equivalent analyses provided by the Coalition that would influence its findings or recommendations.
Interisle releases report on domain registration data
Internet users of all kinds rely on public domain name registration data services ("Whois") to obtain accurate and up-to-date operational and registration information
for vital and legitimate purposes. Over the last two years, access to domain name registration data has been drastically curtailed as a result of ICANN policies,
data privacy laws, and due to practices by registrars and registry operators.
Interisle studied domain registration data, measuring the effectiveness and impact of ICANN's registration data access
policies and procedures by examining the practices of 23 registrars, which collectively sponsor more than two-thirds of the registrations in the generic top-level
domains (gTLDs). It determined whether they comply with ICANN's policies and related contractual obligations, and also to the European Union's General Data Protection Regulation (EU GDPR).
You can read the Full Report, just the Executive Summary,
or the Press Release.
The business of domain names
John McCormac cites data from Interisle's report on Criminal Abuse of Domain Names in his November 2019 book
Domnomics: The business of domain names. The book presents a comprehensively data-driven indictment
of the domain name industry and ICANN's failure to recognize and respond to its abuses. [Note: Interisle receives no compensation of any kind for this or any other referral click-through.]
Interisle releases report on criminal domain abuse
Interisle studied the impact of bulk registration of domain names and how they aid cybercriminals with malware, ransomware, phishing, botnets and spam attacks.
In the report, we studied "bulk registration misuse" by criminal actors. Bulk registrations refers to the practice of rapidly acquiring domain names,
using these in an attack, and abandoning them as if they were throw-away ("burner") phones. These domains are a critical resource for cybercriminals.
You can read the full report: Criminal Abuse of Domain Names or
just the Executive Summary.
ICANN must do more to fight Internet security threats
ICANN is conducting a distracting debate about the kinds of events that should be described as “DNS abuse”. The instigators of this debate
hope to relieve ICANN and its constituencies of responsibility for the way in which identifiers are used to inflict harm on internet users.
However convenient it may be, it is fundamentally wrong. Harmful content itself is not ICANN's concern; the way in which Internet identifiers are used
to weaponize harmful content most certainly is. This falls squarely within ICANN's Bylaws obligation to operate “for the benefit of the Internet community as a whole”.
In this DomainIncite guest post,
Lyman Chapin and Dave Piscitello discuss why ICANN's remit extends broadly to how a domain name (or other Internet identifier) is misused to point to or lure
a user or application to content that is harmful, or to host content that is harmful. Lyman and Dave offer a pragmatic resolution to the terminology debate:
adopt a term, "security threat", that is already widely used within and outside ICANN community. Use the time otherwise wasted in a pointless terminology
debate to come to terms with a remit they have studiously avoided: adopt an international treaty definition for cybercrimes and collaborate with public and
private sector authorities to disrupt or mitigate these threats.
Dave Piscitello to speak at the APWG EU eCrime Research Symposium
Dave has been invited to speak at the APWG EU eCrime Research Symposium in Barcelona, Spain. The abstract for his presentation,
"Expanding the scope of blocklisting to improve risk-based threat mitigation" is posted at
Corroborating community complaints about ICANN's CZDS approval process
Dave Piscitello ran a simple experiment to investigate complaints regarding the approvals process for ICANN's Centralized Zone Data Service (CZDS).
He applied for all Top-level domains (TLDs) available from the CZDS on May 28 2019 to observe how promptly registries respond to approval requests.
The approval process should be a simple check and sign off: it is for many registry operators but for others, the wait can be significant.
Read more on Dave's blog.
Whois is lost
In the aftermath of GDPR's establishment, ICANN's policies for access to domain registration data (Whois) have created adverse consequences for
investigations into terrorist activities, political influence campaigns and cybercrimes, creating serious threats to public safety. In this
APWG monograph, APWG Board Member and Interisle Principal Dave Piscitello explains exactly how
Whois data is employed during preventative and forensic cyber investigations — and how ICANN's interpretation of GDPR in particular also delays
development of programmatic machine-driven responses that are widely used to maintain public safety and are vital to the long-term viability
of the Internet as a governable domain.
EU Directive on Security of Network and Information Systems
European Union Directive 2016/1148 (NIS)
is the first EU-wide legislation on cybersecurity.
Although the EU's General Data Protection Regulation (GDPR)
has received almost all of the world's attention, the impact of the NIS on network operators is potentially far greater. Interisle's Jim Reid presented
On the Implementation of the EU NIS Directive
at the ICANN DNS Symposium on 10 May 2019;
it's an excellent introduction to the Directive and its consequences. You can listen to Jim's presentation
here until June 13, 2019
Network Collective Podcast on EU GDPR
The European general data protection regulation (GDPR) went into effect nearly a year ago. The regulation applies to EU citizens and residents,
but the adoption of the regulation and subsequent compliance implementations impact cybersecurity and influence business practices globally.
In this podcast episode, Dave Piscitello, Brian Honan, and host Russ White discuss how the regulation has influenced risk assessment for businesses
that process personal data and highlight unintended consequences resulting from efforts to comply with the regulation. Listen to
Episode 50 — GDPR
Pioneers in Skirts
Dave Piscitello recently had the opportunity to preview Pioneers in Skirts, a character-driven documentary addressing gender bias.
By revealing how women have overcome bias to succeed when circumstances conspire against them, the movie seeks to encourage cultures
worldwide to adopt gender parity.
We at Interisle believe that Pioneers in Skirts is an important film for every work environment, a film that speaks to the issues present in the producers
work world and beyond.
Please read Dave's call
to support Pioneers in Skirts.
Dave Piscitello receives the M3AAWG 2019 Mary Litynski Award
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
announced today that Interisle partner Dave Piscitello is the
recipient of the 2019 Mary Litynski Award, which recognizes
"the lifetime achievements of an individual who has significantly contributed to making the Internet safer, working far from the public eye over a
significant period of time for the greater good." The Award was presented at the 45th M3AAWG meeting in San Francisco.
APWG Publishes 2019 Mission Statement
The Anti-Phishing Working Group (APWG) has published its Mission Statement:
"2019: A Critical Year for Privacy Rights, Data Protection and Public Safety",
written by Interisle partner Dave Piscitello on behalf of the APWG Board of Directors.
CAUCE welcomes Dave Piscitello to Board of Directors
The Coalition Against Unsolicited Commercial Email (CAUCE) announced the addition of
Dave Piscitello to the Board of Directors. Dave's field and policy experience with exposing and mitigating the exploitation of domain names
and the domain name system (DNS) by spammers, cyber-attackers, and cyber-criminals complements the law enforcement, threat research, and email abuse
skill sets already present on the board. He will work with CAUCE to raise cross-community awareness of abuses and misuses of domain names and
the DNS by studying and calling attention to policy vacuums and weaknesses, by promoting abuse reporting systems that can help governance
bodies and lawmakers make informed decisions, and by delivering DNS investigations training programs for law enforcement.
Dave Piscitello to join Interisle
David Piscitello, a widely respected security and cybercrime expert with an international reputation fighting criminal abuse of the Internet and its Domain Name System (DNS),
will join Interisle Consulting Group upon his retirement from the International Corporation for Assigned Names and Numbers (ICANN).
He brings 40 years of experience with network security practices; cybercrime policy, mitigation, and response; and DNS abuse investigation training.
For more information about Dave, see his brief bio or check out his recent publications
at The Security Skeptic.
Why People Hate ISPs
Underlying the debate on "network neutrality" is a pervasive negative attitude in the US towards ISPs. Interisle principal Fred Goldstein has written an
article on this topic on TMCnet.
Interisle presentation on Title II options at WISPAPALOOZA
Interisle partner Fred Goldstein presented a talk at the Wireless ISP Assocation's WISPAPALOOZA event in October, 2017.
He suggests that the debate over whether or not to apply Title II regulation to ISPs is addressing the wrong questions,
and that a layered approach would not only be superior, but is what the law actually intended.
See the slides from his presentation.
Interisle Selected for ICANN Review of RSSAC
The Internet Corporation for Assigned Names and Numbers (ICANN) has appointed Interisle Consulting Group to conduct an independent review
of the Root Server System Advisory Committee (RSSAC). The RSSAC serves to advise the ICANN community and ICANN Board on matters relating
to the operation, administration, security, and integrity of the Internet's Root Server System.
Read the ICANN announcement.
Interisle Filing to FCC on Network Neutrality
The FCC is now seeking to roll back its 2015 decision to impose Title II regulation on Internet services.
Interisle supports removing Title II regulation from ISP services per se but not from the underlying transmission services of large carriers.
We propose a set of safe harbors by which these large vertically-integrated ISPs could either offer their transmission services separately or
provide a fully-neutral IP service to a point where others can interconnect.
If they choose neither option, they should be required to live up to the "four freedoms" of Internet openness.
Read Interisle's full filing.
New Associate: Ralph Droms
We are pleased to welcome Ralph Droms as a new Interisle associate.
Trends for Wireless ISPs
Interisle's Fred Goldstein delivered a presentation forecasting long-term technical
and regulatory trends for the wireless ISP industry at WISPAPALOOZA 2016, the wireless ISP industry's premier trade show.
"Community Broadband Bits" Podcast
The second episode of Fred Goldstein's podcast is now available: Just What is the Internet?.
"Community Broadband Bits" Podcast
Chris Mitchell of the Institute for Local Self-Reliance interviewed Interisle's Fred Goldstein for his Community Broadband Bits podcast last month.
The first of two episodes is available: Smart FCC Decisions Helped Create the Internet.
Interisle Selected as FCC Technical Consultant for WISPA
Interisle has been selected by the Wireless ISP Association (WISPA)
as their FCC Technical Consultant. This effort, led by Interisle partner Fred Goldstein, involves working with the wireless ISP industry to ensure that
their needs are understood by the FCC, and to help the WISP membership with their FCC compliance. WISPA has over 800 members, mostly small businesses,
serving millions of customers across the United States, largely in rural areas not served by larger providers.
Interisle's Work on Hybrid Broadband Access
Interisle partner Fred Goldstein is cited in an article
in the Greenfield, MA "The Recorder" referring to the work he is doing with a number of towns in Western Massachusetts, and New Hampshire to determine the
most cost-effective approach to provide broadband access to un-served and under-served communities using a combination of fiber and wireless technologies.
Reserved Top Level Domains Proposed
Recent reports by Interisle and others describe the risks associated with the delegation of top-level domain names (TLDs
that have previously been used to anchor locally-defined private naming schemes (e.g., Microsoft Active Directory domains)—a
scenario commonly referred to as name collision.
Three names are identified as particularly risky in the studies by
and ICANN's Security and Stability Advisory Committee (SSAC):
home, corp, and mail.
Permanent reservation of these three names has been proposed to the Internet Engineering Task Force (IETF) by Interisle
partner Lyman Chapin and his colleague Mark McFadden of InterConnect Communications in an
Internet Draft that will be
discussed at the upcoming IETF meeting in Dallas.
Interisle Prepares for OECD Ministerial
The Internet Society coordinates the
Internet Technical Advisory Committee (ITAC) for the
Organisation for Economic Co-operation and Development (OECD).
In preparation for the OECD Ministerial meeting in Mexico City in 2016, Interisle partner Lyman Chapin writes in the latest ITAC newsletter
about The Open Internet, and why it is "more than just a good idea."
We've all used the term Open Internet so often, in so many different contexts, that we tend to assume that everyone knows what it means—and
that it means the same thing to everyone. But some people think that having an "open Internet" is the same as having "network neutrality,"
and others think that an "open Internet" is simply an anarchy in which the rule of law and other norms of human behavior don't apply.
Neither viewpoint captures the essential properties of openness that make the Internet such a uniquely valuable platform for social and economic growth.
Interisle Contributes to Ofcom Report
Interisle partner Colin Strutt,
working with Jim Reid (RTFM),
produced the report on UK IPv4 and IPv6
address allocations for, and now published by, Ofcom, the UK communications regulator.
Portions of the report were included in the larger Ofcom
Infrastructure Report 2014.
Interisle Presents at WISPA Convention
Interisle partner Fred Goldstein spoke at WISPAPALOOZA,
the annual convention of the Wireless ISP Association (WISPA), in Las Vegas.
His topics included hybrid fiber-wireless networks and opportunities for WISPs selling to local governments. Both drew upon Interisle's
experiences managing PSnet for the Metro Boston Homeland Security Region.
He also joined attorney Steve Coran in a presentation on Network Neutrality, a subject in which the interests of small ISPs,
and their customers, are often overlooked. Interisle looks forward to working with more members of the Wireless ISP community in the future.
Name Collisions at WPNC
Interisle partner Colin Strutt has been invited to present at the
Workshop and Prize on Root Causes and Mitigation of Name Collisions (WPNC) 8–10 March 2014
in London. The title of his talk is
"Looking at corp.com as a proxy for .corp"
where he presents results of analyzing name collisions in DNS queries to corp.com and suggests approaches for ISPs and similar organizations to prepare
to support users before and after delegation of new gTLDs.
Streaming Video and the Internet
Video now constitutes as much as half of consumer Internet traffic, and is growing rapidly. This puts pressure on ISPs,
leading to peering disputes and other issues with the video providers, notably Netflix.
Interisle partner Fred Goldstein explores why streaming video is not just another application in his article
"Streaming Video Isn't Playing Nice With the Internet".
Why the Internet is, by Definition, Ungovernable
Following on from his presentation "Internet by Definition" at the e-Conference
"Is There A Third Way For The Internet: Neither The US Nor The UN But Independence?", Interisle partner Fred Goldstein
expanded this into an article on the subject,
the Internet is, by Definition, Ungovernable".
Name Collisions at Domain pulse
Interisle partner Colin Strutt has been invited to present at
Domain pulse 2014 (being held 20–21 February 2014 in Salzburg, Austria) on the results of the
Collision Study that Interisle conducted for ICANN.
Internet by Definition
On November 12, Interisle partner Fred Goldstein was a panelist in the e-Conference
A Third Way For The Internet: Neither The US Nor The UN But Independence?",
sponsored by the Columbia Institute for Tele-Information (CITI) of the Columbia University
His presentation "Internet by Definition" (which begins around 1:07:50) explained why the Internet, as a set of voluntary
agreements, cannot actually be governed, though its participants may trust coordination
functions, which are essentially consultative.
Interisle's DNS Name Collision Report Posted
Interisle's report on Name Collision
in the DNS has been posted by ICANN.
Interisle provided input to the FCC
Interisle partner Fred Goldstein has filed these Comments
with the FCC in the recent docket concerning whether, or how, non-carrier Interconnected Voice over IP service providers
should have direct access to telephone numbers. He points out how some of the suggested methods
could have a destabilizing effect on the public switched telephone network.
Interisle report on Barnstable County IT & Telecomms survey published
The Cape Cod Economic Development Council published Interisle's report on a 2012 survey of Barnstable County IT and Telecommunications. You can read more about the CCEDC project at their website.
Support for the FCC's Open Internet Order
Interisle partner Lyman Chapin is one of the Internet engineers and technologists who have filed a brief amicus curiae supporting affirmation of the FCC's 21 December 2010 Open Internet Order, which has been challenged by Verizon and MetroPCS in the United States Court of Appeals for the District of Columbia Circuit. The summary of the argument presented in the brief begins "The Internet's remarkable ability to generate innovation, investment, and economic growth is a product of its openness."
Interisle's WHOIS Survey Report Posted
Interisle's report on the WHOIS Proxy/Privacy Reveal & Relay feasibility survey has been posted by ICANN.
Interisle Will Evaluate Applications for New Internet Top-Level Domains
ICANN is preparing to add hundreds of new top-level domains (TLDs) to the DNS, and Interisle will be evaluating each one to be sure that the proposed TLD name and registry services don't jeopardize Internet security or stability. Interisle was selected as the Registry Services and DNS Stability evaluator last November, and will begin work on the first batch of applications on June 12. New TLDs that pass all of the evaluations will begin to appear in the DNS in mid-2013.
Interisle welcomes Fred Goldstein as a new Principal. Fred has already been working with Interisle for many years. He adds his extensive experience to Interisle, particularly in the telecommunications space.
Interisle Consulting Group Selected to Conduct Survey to Identify Potential Participants for a gTLD
Whois “Relay” and “Reveal” Study
June 17 — ICANN has engaged Interisle Consulting Group to survey gTLD domain name registrants, registrars, and privacy and proxy service
providers regarding their willingness and ability to participate in future Whois Relay and Reveal studies. The survey will gauge the
willingness and ability of request originators, privacy/proxy providers, and registrars to participate in future studies, by
identifying factors that would facilitate or inhibit their participation and by developing a list of individuals and
organizations potentially willing to participate. Jim Reid of RTFM Ltd. will collaborate with Interisle on this project.
Interisle and Galaxy continue to support the Metro Boston Homeland Security Region in the ongoing evolution
of their regional network to support public safety organizations, or "PSnet."
We are currently working on an extension of PSnet Phase 4 to complete integration with the region's Critical Infrastructure Monitoring System
(CIMS) microwave network, including security hardening and improvements in maintainability. The goals are to continue to
drive down future recurring costs while providing a highly resilient, high capacity network that leverages both fiber optic
and microwave communications in a complementary manner. Network capacity continues to increase as new links are added into
the backbone while overall resilience and survivability improves. Enhancements to network monitoring and management are
being used to improve security and maintainability, while also supporting day-to-day operations and future planning.
Phase 3 of the
PSnet project is now under way. Interisle, operating with
partner Galaxy Internet Services, will will be providing
expertise in several technical, policy, and governance areas
related to this effort, under which nine municipalities in
greater Boston are collaborating, together with State and
Federal agencies, universities, and other nongovernmental
organizations, to build and operate a high-quality regional
network supporting public safety applications. PSnet applies
many of the technical and governance principles underlying the
public Internet to create a flexible, dynamic network by
interconnecting existing and planned networks within a unified
policy, operational, and governance framework.
Interisle has completed a comprehensive review of the African
Network Operators Group (AfNOG),
a forum for technical coordination and cooperation among African
Internet service providers and network engineers from the
region’s universities, research institutions, and industry. The
review affirms AfNOG's extraordinary success over the past nine
years in fulfilling its core mission: improving the
accessibility and value of the Internet in Africa by training
engineers and nurturing a collaborative community of networking
experts. It also identifies potential impediments to future
growth and effectiveness, and recommends steps that AfNOG's
organizers and supporters could take to avoid them.
Wade has developed a spreadsheet tool for IP address
planning and inventory tracking. It supports supernetting and
subnetting, and can be used by merely entering CIDR values. It
detects errors, and eliminates the tedium of converting between
binary and dotted decimal notations. You can get more
information and download this tool as an Excel workbook from
Consortium has engaged Interisle to develop whitepapers and
technical best practices documentation for the growing community
of Kerberos users and developers. Kerberos is widely used as a
single sign-on authentication solution for both users and
services, and it also plays an important role in several emerging
technologies. As the Kerberos community expands, and more system
administrators work with Kerberos in mixed platform environments,
there is greater need for sound guidance on best practices for
deploying and managing Kerberos-based security solutions.
will work with
ICANN and Deloitte Audit & Enterprise Risk Services
(Belgium) to develop criteria and procedures for evaluating
new generic top-level domain names (gTLDs). Existing gTLDs
include .com, .net, and .org; the term "generic" distinguishes
these domains from those based on country codes, such as .br
(Brazil) and .jp (Japan). ICANN's Generic Names Supporting
Organisation (GNSO) approved
policies for the introduction of new gTLDs on 6 September
2007; ICANN is expected to begin processing new gTLD
applications in mid-2008.
In cooperation with
Clearing House and
Strutt edited Parts 2 and 3
of the X9AB WG17
ANSI Draft Standard for Trial Use X9.100-172, “Specifications
for the Validation of Interoperable
Check Security Feature (ICSF)”, which was approved by the X9
and ANSI boards on 10
Chapin has served for the past 13 years as the USA and ACM
representative to the communication systems technical committee
of the International Federation for Information Processing (IFIP
most recent report appears in the April 2007 issue of the
ACM SIGCOMM Computer Communication Review.
Halpern is working in the
Engineering Task Force (IETF) on a
Forwarding and Control Element Separation (ForCES) protocol,
which defines a standard communication and control mechanism
through which a network Control Element (CE) can control the
behavior of a network Forwarding Element (FE). His latest
Internet Draft is
Chapin has been appointed to chair a standing technical panel of experts
that will review proposals to the