The Internet Corporation for Assigned Names and Numbers (ICANN) is a moribund bureaucracy centered on a culture of exclusivity and control, as was its predecessor, the Internet Assigned Numbers Authority (IANA). It has no legitimate charter for its authority, except that of cultural momentum. With its roots reaching back to the beginning, it is in control, period.
Over the years, ICANN, IANA and their methods have come in for criticism, but change has been slow. The original seven top-level domains, such as .com, .org, and .net, were not expanded until 2000, when public pressure and a shortage of names forced the organization to agree to expand the list. Two years later, however, the seven new top-level domains introduced have yet to be completely implemented.
ICANN's closed-door practices and unresponsiveness illustrate the seriousness of Tuesday's. Briefly crippling nine of the 13 root servers of the Internet, the attack reduced responsiveness and access to the Net by six percent. ICANN attempted to spin the outcome as a positive endorsement of its leadership. The truth of the matter is quite different.
Network engineers dismiss suggestions that the incident was a massive attack. One person posting a message on a newsgroup described it as "a pretty piddly and unintelligent smurf/ping flood combo." Yet the attack still affected more than half of the Net's root-level servers. It's safe to say things could easily have been a lot worse.
As far as is known, Internet vandals are responsible for launching the attack. But ICANN is not prepared for a more sophisticated attack, nor does it have adequate redundancy and safeguards in place. A sophisticated and coordinated attack could restrict access to all 13 top-level domain servers for a day, bringing portions of the global Internet to a grinding halt.
and coordinated attack could restrict access to all 13 top-level
domain servers for a day, bringing portions of the global Internet to a
These are confusing but important questions for the general public. For the vast majority of its users, the Internet is simply an amorphous something that works or doesn't work, with no operating authority or responsibility beyond that of each consumer's Internet service provider.
Considering what's at stake, it's time to question the robustness and security of the Internet under the control of ICANN. The interruption of global corporate virtual private networking (VPN) systems would cripple industrial productivity. The loss of e-mail would indeed spare us from spam, but would seriously hamper communications. And online commerce, already struggling to survive the current recession, would be seriously damaged.
Considering what's at stake, it's time to question the robustness and security of the Internet under the control of ICANN.
IANA, which started in the 1980s as a working group managing an academic venture, governed the Internet without serious challenge even as the Internet grew into an essential element of business and commerce. Four-year-old ICANN is continuing in that tradition. While it has played politics and stifled progress with its bureaucracy, it has left the Internet's critical domain-name services vulnerable to even fairly unsophisticated attacks. And when the terms of the five elected at-large board members expire on Dec. 15, ICANN will once again have no publicly selected board members and no prospect of there ever being any in the future.
Was Tuesday's root DNS incident an isolated act of mischief or a test run for a crippling distributed denial-of-service attack? Given ICANN's usual unresponsiveness, it seems we may only learn the answer to that question the hard way.