Private Sector Emerging Cyber-Security Pressures

The large number of applications submitted exceeding ICANN’s original projections can be explained, with the new gTLD program having a profound impact on the private sector’s increasing dominance over Internet information resources and ownership of critical registry technical infrastructure assets. It is projected only the private sector will take full advantage of the commercial possibilities offered by the introduction of new gTLDs creating new innovations.

The successful introduction of new gTLDs will also create new challenges of security for the private sector. Creation of Internet additional domains would expose to different security risks on the Internet. Applicants are expected to describe in details the security policies and procedures of the proposed registry, and to go to some considerable depth in explaining how denial of service attacks would be mitigated, and describe their computer and network incident response policies, plans, and processes; the types of defences that will be deployed against threats, etc. What ICANN considers as a robust response to the Security Question must show “evidence of highly developed and detailed security capabilities” amongst other requirements, coupled with an independent assessment report that demonstrates effective security controls as proof of conformance to the ISO27001 Certification Standard.

Cyber-security threats have now emerged as the defining security challenges of the global Internet economy. National Security operatives are now seized by the issue of Cyber-security. They are actually now more worried and concerned about security threats on computers and information resources than a physical terrorist attack that can be easily detected and disrupted in an airport. Sharing advance passenger information on airline passengers for example between the United States and European countries will make it more difficult for a terrorist to board an airline flying between Europe the USA. Moreover, increased and more efficient traditional spying has helped security and anti-terrorism agencies to more accurately identify and prevent terrorists from carrying out their wicked plans, but the identity of cyber-warriors remain very much anonymous, and pinpointing their exact geographical location remains a major technical challenge.

Advance Passenger Information (API), already obligatory in the USA and across all EU member states, is increasingly required by governments around the world.  Combined with Passenger Name Records (PNR), this information must be sent by the airlines to the destination country’s border security department to facilitate the passenger screening that is crucial for effective border management.

For more information on API and its transmission please visit this site from ARINC.