Public participation site

In a report released today by the research group, TeleGeography, Executive Director, John Dinsdale says, "traditional telcos have been losing substantial market share while leading cablecos have succeeded in transforming their businesses to the point where almost 40% of their revenues now come from telecoms. Comcast, Time Warner Cable and Liberty Global all now feature in the top 15 ranking of broadband internet service providers, and telecoms remains an engine for growth for many cablecos around the world."

According the report, in the first half of 2009, broadband Internet and telephony services have generated over USD30 billion for cable companies around the world. "The sales were derived from a customer base that includes 82 million broadband internet subscribers and 49 million telephony subscribers. The revenue figure may seem relatively small compared to a global wireline services market of well over USD700 billion per year, but cablecos' telecoms revenues have grown 28% per annum since 2003, while the aggregate wireline market has grown at just 4% annually."

Follow CircleID on Twitter

More under: Access Providers, Broadband, IPTV, Telecom, VoIP

In a report released today by the research group, TeleGeography, Executive Director, John Dinsdale says, "traditional telcos have been losing substantial market share while leading cablecos have succeeded in transforming their businesses to the point where almost 40% of their revenues now come from telecoms. Comcast, Time Warner Cable and Liberty Global all now feature in the top 15 ranking of broadband internet service providers, and telecoms remains an engine for growth for many cablecos around the world."

According the report, in the first half of 2009, broadband Internet and telephony services have generated over USD30 billion for cable companies around the world. "The sales were derived from a customer base that includes 82 million broadband internet subscribers and 49 million telephony subscribers. The revenue figure may seem relatively small compared to a global wireline services market of well over USD700 billion per year, but cablecos' telecoms revenues have grown 28% per annum since 2003, while the aggregate wireline market has grown at just 4% annually."

Follow CircleID on Twitter

More under: Access Providers, Broadband, IPTV, Telecom, VoIP

"What Will the Internet of the Future Look Like?," was the subject of a panel discussion held this week in Washington, DC, organized by the Information Technology & Innovation Foundation (ITIF). The discussion was aimed at examining pending Internet regulations in the U.S. and their impact on packet discrimination, traffic shaping, network management, and carrier business models. The panel, moderated by Robert Atkinson, included: Richard Bennett; Dr. David Farber; Charles Jackson; and Jon Peha. Further details as well as video and audio recording of the event is available here.

Follow CircleID on Twitter

More under: Access Providers, Broadband, Cloud Computing, Net Neutrality, P2P, Policy & Regulation, Telecom, Wireless

"What Will the Internet of the Future Look Like?," was the subject of a panel discussion held this week in Washington, DC, organized by the Information Technology & Innovation Foundation (ITIF). The discussion was aimed at examining pending Internet regulations in the U.S. and their impact on packet discrimination, traffic shaping, network management, and carrier business models. The panel, moderated by Robert Atkinson, included: Richard Bennett; Dr. David Farber; Charles Jackson; and Jon Peha. Further details as well as video and audio recording of the event is available here.

Follow CircleID on Twitter

More under: Access Providers, Broadband, Cloud Computing, Net Neutrality, P2P, Policy & Regulation, Telecom, Wireless

The average handset has evolved from the humble voice-box, to the total media centre. As a result thousands of start-up companies are profiting out of the Telecom sector's advances, supplying the various add-ons which inevitably accompany any new wave of technology. Such innovations were used by the operators to supplement the pricey voice packages. However, the operators are now finding themselves in the hands of the ever-creative software/hardware companies and the changing consumer culture. iPhone appstore was the first to take advantage and make millions from the operators' customers, creating a financial redistribution within the Telecom industry. With the telecom giants left to maintain the costly infrastructure that supports this ever growing new-media industry, the outlook for today's communication service providers is set to get worse in a new 4G world where broadband is everywhere (LTE, WiMax, FTTX and cloud services). How can the giants sustain such costs and avoid being relegated to the sidelines as bit-pipe providers?

To answer this question visionaries such as Zhang Fan, CTO of China Unicom, Anil Tandan, CTO of Idea Cellular, Ravinder Jain, CIO of Aircel, Michael Kuehner, CEO of AXIATA Bangladesh and Mu Piao Shih, President of Chunghwa Telecom are all set to attend what is a closed meeting at the NGT APAC summit in Sentosa, to discuss a unified investment strategy to provide Long Term Evolution (LTE) across the existing 3G network. Such increased download speeds will allow the telecom industry to capitalize on the change in consumer habits and provide wider service offerings.

"Asia's innovative technologies have inspired the western world and with economic pressures alleviating, we are now looking to invest in 4G to capitalize on the 'Prosumer' market." Said a spokesman for the fifty strong consortium at the NGT APAC Summit

This most elite of delegations led by Kyle Whitehill, COO of Vodafone India, are set to discuss the rapid pace of communication, transforming from the one-to-one (direct) voice communication to the fast, informal & responsive, opinion and thought exchange we have today.

"Such a meeting has been a long time coming, large operators have been losing revenue as the communication market has diversified, network optimization should lend to them finding new revenue streams as the level of service can expand"—Nick York, NGT Summit Director Asia Pacific.

Such consumer & technology transformation has distorted the way 'Prosumer' consume their products & services, and interact with their mobile devices. The industry awaits to see if Asia's Top Telecom guns can decide on a unified approach to map revenue streams back to the operators.

Submitted by Emma Naylor, Press Officer, NG Online News

Follow CircleID on Twitter

More under: Access Providers, Mobile, Telecom, Wireless

The average handset has evolved from the humble voice-box, to the total media centre. As a result thousands of start-up companies are profiting out of the Telecom sector's advances, supplying the various add-ons which inevitably accompany any new wave of technology. Such innovations were used by the operators to supplement the pricey voice packages. However, the operators are now finding themselves in the hands of the ever-creative software/hardware companies and the changing consumer culture. iPhone appstore was the first to take advantage and make millions from the operators' customers, creating a financial redistribution within the Telecom industry. With the telecom giants left to maintain the costly infrastructure that supports this ever growing new-media industry, the outlook for today's communication service providers is set to get worse in a new 4G world where broadband is everywhere (LTE, WiMax, FTTX and cloud services). How can the giants sustain such costs and avoid being relegated to the sidelines as bit-pipe providers?

To answer this question visionaries such as Zhang Fan, CTO of China Unicom, Anil Tandan, CTO of Idea Cellular, Ravinder Jain, CIO of Aircel, Michael Kuehner, CEO of AXIATA Bangladesh and Mu Piao Shih, President of Chunghwa Telecom are all set to attend what is a closed meeting at the NGT APAC summit in Sentosa, to discuss a unified investment strategy to provide Long Term Evolution (LTE) across the existing 3G network. Such increased download speeds will allow the telecom industry to capitalize on the change in consumer habits and provide wider service offerings.

"Asia's innovative technologies have inspired the western world and with economic pressures alleviating, we are now looking to invest in 4G to capitalize on the 'Prosumer' market." Said a spokesman for the fifty strong consortium at the NGT APAC Summit

This most elite of delegations led by Kyle Whitehill, COO of Vodafone India, are set to discuss the rapid pace of communication, transforming from the one-to-one (direct) voice communication to the fast, informal & responsive, opinion and thought exchange we have today.

"Such a meeting has been a long time coming, large operators have been losing revenue as the communication market has diversified, network optimization should lend to them finding new revenue streams as the level of service can expand"—Nick York, NGT Summit Director Asia Pacific.

Such consumer & technology transformation has distorted the way 'Prosumer' consume their products & services, and interact with their mobile devices. The industry awaits to see if Asia's Top Telecom guns can decide on a unified approach to map revenue streams back to the operators.

Submitted by Emma Naylor, Press Officer, NG Online News

Follow CircleID on Twitter

More under: Access Providers, Mobile, Telecom, Wireless

On November 2, 2009, Microsoft released its seventh edition of the Security and Intelligence Report (SIR). The SIR provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications.

The following is an excerpt from the SIR, pp 29-32, about the Conficker worm and the industry response that showed an incredible amount of collaboration across vendors.

* * *

Case Study: The Conficker Working Group

The appearance in late 2008 of Win32/Conficker, an aggressive and technically complex new family of worms, posed a serious challenge to security responders and others charged with ensuring the safety of the world's computer systems and data. ("Win32/Conficker Update," beginning on page 95, explains the technical details of the Conficker worm and the methods it uses to propagate.) Working together, however, the security community was able to react quickly to the threat and contain much of the damage, in the process establishing a potentially groundbreaking template for future cooperative response efforts. On October 23, 2008, Microsoft released critical security update MS08-067, addressing CVE-2008-4250, a vulnerability in the Windows Server service that could allow malicious code to spread silently between vulnerable computers across the Internet.

The vulnerability affected most currently supported versions of Windows, although architectural improvements in Windows Vista and Windows Server 2008 made them more difficult to exploit than earlier versions. Like the worms that plagued the Internet earlier this decade, malware that exploited the vulnerability would be able to spread without user interaction by taking advantage of the protocols computers use to communicate with each other across networks. For this reason, and because actual attack code that exploited the vulnerability was known to exist in the wild at the time, the MSRC took the unusual step of releasing MS08-067 "out of band" rather than wait for the next scheduled release of Microsoft security updates, which takes place on the second Tuesday of every month. Security Bulletin MS08-067 happened to be released on the last day of the eighth annual meeting of the International Botnet Task Force in Arlington, Virginia, a suburb of Washington, D.C., where attendees agreed to closely monitor developments around what appeared to be the first legitimately "wormable" vulnerability to be discovered in Windows in several years.

The November appearance of Win32/Conficker, the first significant worm that exploited the MS08-067 vulnerability, marked a major challenge for security researchers, due to the aggressive tactics several of its variants used to propagate. Despite this, researchers soon discovered a way to limit or eliminate the Conficker bot-herders' ability to issue instructions to infected computers. As described on page 96, the authors of the Conficker malware used an algorithm to generate 500 new domain names every day (250 for each of the first two Conficker variants discovered) to use for command-and-control servers. Computers infected with Conficker would attempt to contact each of these generated domain names every day. If the authors had a task they wanted the computers in the botnet to perform, they would simply use the same algorithm to generate domain names in advance and register a few of them, which they could then use to host command-and-control servers.

Fortunately, researchers from Microsoft and other organizations were able to reverse engineer the domain-name-generation algorithms used by the first two variants, designated Worm:Win32/Conficker.A and Worm:Win32/Conficker.B, soon after each variant was discovered. This enabled them to begin registering the domain names before the botnet operators could, thereby impeding the Conficker malware from obtaining new instructions. Initially, the researchers resorted to registering the domains commercially through the domain name registrars for the eight top-level domains (TLDs) (.com, .net, .org, .info, .biz, .ws, .cn, and .cc) used by Conficker, an approach that quickly became unworkable. Registering 500 domain names per day would cost thousands of (U.S.) dollars per day for the foreseeable future—and the cost would only increase if new variants appeared using different name-generation algorithms. It was clear that more help would be needed.

The Conficker Working Group Is Born

In January 2009, representatives from a number of security research companies and domain registrars, along with the anti-botnet Shadowserver Foundation, began discussing how best to implement a defensive Domain Name Service (DNS) strategy to handle domain registrations. To coordinate the significant amount of e-mail being generated by these discussions, the group established the CONFICKER e-mailing list on January 28, which drew a growing number of security researchers and members from law enforcement, academia, and industry, in addition to members representing each of the eight TLDs used by Conficker. Enlisting the support of the TLD operators would prove to be a vital step in containing the Conficker threat, enabling the group to block domain names more efficiently and at far less expense than would be possible through the commercial registration process.

By early February 2009, working group members had instituted a process for registering as many domain names as possible, before the Conficker operators could register them, and assigning them to IP addresses belonging to six sinkholes (server complexes designed to absorb and analyze malware traffic) operated by organizations belonging to the working group. Infected computers looking for command-and-control servers would contact the sinkholes instead, providing researchers with valuable telemetry for analyzing the spread of the worm. A number of Internet service providers (ISPs) were also able to use this telemetry data to identify infected computers.

Around the same time, the Internet Corporation for Assigned Names and Numbers (ICANN), which is responsible for allocating IP addresses and managing the Internet domain name system, invited the group to deliver a presentation on its domain registration efforts to a meeting of the ICANN board of directors. The board expressed its support for the program and assigned two staffers to help coordinate it. Despite these efforts, the Conficker operators were still able to register some domains before the working group could get to them. To mitigate this, researchers at Kaspersky Lab, an anti-malware vendor headquartered in Russia, worked with OpenDNS, a free network resolution service used by many organizations and individuals, to compute a year's worth of Conficker domain names and proactively point them at the group's sinkholes. Any infected computer belonging to an OpenDNS user would not be able to contact any of the Conficker command-and-control servers, even on domains the Conficker operators had been able to secure.

The formation of the Conficker Working Group (CWG) was officially announced to the public on February 12, 2009, as what a number of news stories characterized as an unprecedented example of global cooperation in the computer security industry, and a potential blueprint for dealing with threats in the future. The CWG had grown from an e-mail list for nine individuals to a group of more than 30 member organizations from around the world, coordinating complex activities through a robust communications infrastructure. On the day the CWG was announced, the group had successfully registered every Conficker domain name for the next 10 days, a genuine—if temporary—victory over the Conficker operators.

Setbacks and Triumphs

The domain registration task became exponentially more challenging on March 4, 2009, with the discovery of Worm:Win32/Conficker.D. Investigators reverse-engineered the new variant and determined that it was programmed to generate 50,000 new domain names a day across 110 TLDs, beginning on April 1, 2009. Though this seemed at first like an impossible hurdle to overcome, CWG members immediately began working to counter the effects of the upcoming change. As security researchers continued to analyze the Conficker.D malware, ICANN staffers began contacting the registries responsible for each of the affected TLDs seeking cooperation in registering or blocking the domains, and the CWG compiled "go packs" of information for Internet service providers and enterprises about the steps they should take to help keep their customers and employees safe.

April 1, 2009, came and went, with the world outside the security community noticing little or no change. By that time, however, ICANN had secured the cooperation of all 110 TLDs used by Conficker, and the global DNS community was active and prepared to deal with the Conficker threat. Rapid, effective collaboration across borders and organizational lines had proven instrumental in containing what has been, and remains, a significant threat to the world's computers and information.

The CWG Today

The CWG remains in place today, with more than 300 member organizations representing law enforcement, academia, and industry, and remains vigilant against new developments. In cooperation with ICANN and the DNS community, the CWG continues to block or register the 50,000 domain names generated each day by the Conficker algorithms. Each month the group supplies the 110 affected TLD operators with an updated list of generated domain names covering the next several months, so they can begin implementing countermeasures well in advance. Automated mechanisms verify that each domain name has been blocked before it is scheduled to be used and alert the CWG for any that have not, so activity for those domains can be closely monitored. Once in a while, a domain name generated by the algorithm happens to correspond to an existing domain owned by a legitimate party; in such cases, the CWG contacts the legitimate domain owner in advance and offers assistance managing the expected spike in traffic coming from infected computers.

In March, the group underwent a reorganization process to add structure and to segment its work by subject area to work more effectively. The group maintains a Web site at http://www.confickerworkinggroup.org with links to information in multiple languages about Conficker and resources that service providers and end users can use to determine if they are infected, and if so, what to do about it. The fight against Conficker is not over. The five identified variants continue to spread to new computers due to a lack of information or action on the part of some system administrators and end users. Even after Conficker recedes into insignificance, there will likely be other threats of similar magnitude to deal with in the future. As such threats appear, though, collaborative efforts, such as the CWG, can provide the global security community with unequaled tools for mitigation and resolution.

* * *

The SIR contains other data on Conficker including how many machines were cleaned by the Microsoft Malicious Software Removal Tool and its comparison to other malware removed during the first half of 2009.

Written by Terry Zink, Program Manager

Follow CircleID on Twitter

More under: Malware, Security, Spam, Top-Level Domains

The recently completed ICANN Conference in Seoul, Korea will be remembered for a unique accomplishment—the first definitive step towards the addition of Internationalized Domain Names (IDNs) to the Internet root. In the words of ICANN's press release:

"ICANN's Fast Track Process launches on 16 November 2009. It will allow nations and territories to apply for Internet extensions reflecting their name—and made up of characters from their national language. If the applications meet criteria that include government and community support and a stability evaluation, the applicants will be approved to start accepting registrations."

As the announcement states, the applicants, at this time, are limited to nations and territories; the first IDNs will be in country code top level domains (ccTLDs). The generic TLDs, (the gTLDs, e.g., .org, .com and .info) will have to wait for their opportunity to apply for IDNs. There is a long history to this development. Its timing is at least partly due to the insistence of two major nations, China and Russia, both of which have been in a position to establish alternate roots in Chinese and Cyrillic characters, respectively. The ICANN approval of the Fast Track Process recognizes this reality while maintaining the global interoperability of the Internet. Two major issues, however, remain unresolved—the question of ccTLD financial support for ICANN, and the nature of the agreements between ICANN and each ccTLD concerning their operations.

Before the Conference, ICANN released the third version of the Draft Applicant Guidebook for new generic Top-Level Domains (gTLDs)—the "DAG". Just as the second version was not greeted with universal acclaim, the third fails to meet the concerns of many Internet stakeholders. At the conference, ICANN recognized another reality by acknowledging that the timeline for the introduction of new gTLDs is put off indefinitely. There is likely to be at least one more version of the DAG before the final Guidebook appears. ICANN is still looking for some kind of consensus on the four overarching issues it has identified:

1. Trademark Protection;
2. Potential for Malicious Conduct;
3. Security and Stability: Root Zone Scaling; and
4. TLD Demand and Economic Analysis.

ICANN has established a Wiki for comment on each of them.

The trademark protection issue was singled out for separate treatment. ICANN's Board wrote to the GNSO Council requesting its "view on whether the following rights protection mechanisms recommended by the staff are consistent with the GNSO's proposed policy on the introduction of new gTLDs, and are an appropriate and effective option for achieving the GNSO's stated principles and objectives:

• The creation of an IP Clearinghouse which is a database of authenticated trade mark rights in a standard data format including the requirement for registries to provide an IP Claims service or Sunrise process during TLD launch; and
• The creation of a Uniform Rapid Suspension process."

The GNSO Council referred the questions to a Special Trademark Issues team who will attempt to reach consensus by 14 December; in the absence of consensus, the Board will adopt its staff recommendations.

On the issue of TLD Demand and Economic Analysis, ICANN continues to receive criticism regarding the nature of its commissioned economic studies and their failure to deal effectively with such questions as the ability of new registries to be vertically integrated with registrars. PIR, the .Org registry, has been among the leaders in pointing out the dangers of insider trading (domain tasting and front running) that is the likely result of vertical integration. PIR has joined with Afilias (.info) and NeuStar (.biz) in proposing a requirement that a new registry not be allowed to register names through an affiliated registrar. This proposal would not ban cross-ownership itself.

Regarding the Root Zone Scaling issue, there were a number of discussions at the Conference about the technical concerns. The consensus appeared to be that the experts are comfortable with the idea of introducing about 100 new TLDs into the root per year, but any number above that would require at least careful monitoring to avoid overloading the capacity of the system.

The subject of Mitigating Malicious Conduct continues to be a difficult one. There were several meetings at the Conference about abusive domain name registrations, and there are a number of initiatives under way to encourage registries and registrars to take action when the sources of phishing, malware and the like are uncovered.

In Seoul, the reform of the GNSO was largely accomplished. The charters of all the new Stakeholder Groups: Contracted (Registry and Registrar), Non-Contracted (Commercial and Non-Commercial) have been accepted. A question regarding the charter for the Non-Commercial Stakeholder Group was temporarily resolved by making the NonCommercial Constituency (NCUC) a constituency within the Stakeholder Group, making it possible for another constituency to be formed within the group.

Written by David Maher, Senior Vice President, Law and Policy

Follow CircleID on Twitter

More under: DNS, Domain Names, Domain Registries, ICANN, Internet Governance, Multilinguism, Top-Level Domains

Kevin J. O'Brien reporting in the New York Times: "European lawmakers on Thursday agreed on new protections for Internet users, striking a compromise between national governments seeking to impose tough anti-piracy laws and consumer organizations that wanted to enshrine Internet access as an unassailable right. The agreement removes the last hurdle to passage of sweeping changes to European telecommunications law, which had been held hostage for six months by the standoff over Internet access..."

Read full story: New York Times

Follow CircleID on Twitter

More under: Access Providers, Censorship, Law, P2P, Policy & Regulation

Kevin J. O'Brien reporting in the New York Times: "European lawmakers on Thursday agreed on new protections for Internet users, striking a compromise between national governments seeking to impose tough anti-piracy laws and consumer organizations that wanted to enshrine Internet access as an unassailable right. The agreement removes the last hurdle to passage of sweeping changes to European telecommunications law, which had been held hostage for six months by the standoff over Internet access..."

Read full story: New York Times

Follow CircleID on Twitter

More under: Access Providers, Censorship, Law, P2P, Policy & Regulation

According to a recent security report, Spain and the United States are the leading countries when comes to bot-infected computers. Based on data compiled from October by PandaLabs, the research arm of Panda Security, an alarming 44.49% of computers in Spain are infected with bots and United States—a long way behind—at 14.41%, followed by Mexico 9.37% and Brazil 4.81%. Countries least infected include Peru, the Netherlands and Sweden, all with ratios under 1 percent.

According to Luis Corrons, Technical Director of PandaLabs, "Along with rogueware, botnets and zombie computers have increased by more than 30 percent so far this year. This is the simplest way for a hacker to take control of computers to distribute spam or malware, therefore making it more difficult to trace and detect the real culprit. The problem is that owners of these zombie computers will be committing crimes without realizing it, and could face having their services withdrawn by their ISPs or even prosecution."

Follow CircleID on Twitter

More under: Security

According to a recent security report, Spain and the United States are the leading countries when comes to bot-infected computers. Based on data compiled from October by PandaLabs, the research arm of Panda Security, an alarming 44.49% of computers in Spain are infected with bots and United States—a long way behind—at 14.41%, followed by Mexico 9.37% and Brazil 4.81%. Countries least infected include Peru, the Netherlands and Sweden, all with ratios under 1 percent.

According to Luis Corrons, Technical Director of PandaLabs, "Along with rogueware, botnets and zombie computers have increased by more than 30 percent so far this year. This is the simplest way for a hacker to take control of computers to distribute spam or malware, therefore making it more difficult to trace and detect the real culprit. The problem is that owners of these zombie computers will be committing crimes without realizing it, and could face having their services withdrawn by their ISPs or even prosecution."

Follow CircleID on Twitter

More under: Security

Sophie Curtis of eWeek reports: "Researchers have discovered a hole in the secure sockets layer (SSL) protocol, enabling man-in-the-middle attackers to hack into secure applications despite traffic encryption. According to security researcher Chris Paget, hackers can exploit this flaw by breaking into shared hosting environments, mail servers and databases, and inserting text into encrypted traffic as it passes between two end users. This could lead to fragmentation of SSL transactions, giving hackers the opportunity to inject false commands such as password resets into communications which are otherwise encrypted."

Related Links:
Security Researchers Uncover SSL Vulnerability eWeek, Nov.5.2009
Thoughts on the TLS bug Chris Paget, Nov.5.2009

Follow CircleID on Twitter

More under: Security

Sophie Curtis of eWeek reports: "Researchers have discovered a hole in the secure sockets layer (SSL) protocol, enabling man-in-the-middle attackers to hack into secure applications despite traffic encryption. According to security researcher Chris Paget, hackers can exploit this flaw by breaking into shared hosting environments, mail servers and databases, and inserting text into encrypted traffic as it passes between two end users. This could lead to fragmentation of SSL transactions, giving hackers the opportunity to inject false commands such as password resets into communications which are otherwise encrypted."

Related Links:
Security Researchers Uncover SSL Vulnerability eWeek, Nov.5.2009
Thoughts on the TLS bug Chris Paget, Nov.5.2009

Follow CircleID on Twitter

More under: Security

"Outside applications need to be on an equal footing with our own applications," John Donovan said at a SUPERCOMM keynote here in Chicago. "My jaw dropped," one of his colleagues told me a few minutes later, because this is a reversal of AT&T's long-standing position they needed to be able to favor their own applications. AT&T D.C. needs to listen closely to their own CTO, because they are throwing everything they have in D.C. at preventing "non-discrimination" being included in the FCC Net Neutrality regulations.

Apps are critical to the success of the iPhone, which "is transforming AT&T's entire network and business," again according to a colleague. He knows that the (mostly) open platform of the iPhone is necessary to give iPhone apps access, which in turn is crucial to the success of AT&T wireless. Donovan suggests that a similar openess will make a dramatic difference across the business. If they discriminate in favor of their own video, games, or whatever comes next, developers will be hard to attract.

John is still new to AT&T, and clearly is "thinking different." His handlers apparently forgot to tell him what not to say, so he explained AT&T's strategy straight, not filtered through his (extremely effective) D.C. lobbyists. Presumably, an angry phone call from D.C. now has told him to shut up.

Ed Gubbins at Telephony has the quote as "We use the principle of 'us on us,'" [Donovan] said, referring to AT&T services on AT&T's network. "If we take an external developer and ourselves, we should not be advantaged in how long it takes or how much expertise is required. It needs to be that simple, because that would put the foundation in place for how to horizontalize all your platforms in a way. Far enough is when you're on equal footing with anyone that externally would be looking to bind your network. Whether you're reaching for physical assets, logical assets or into the IT systems, I don't think it needs to be that complicated. You just have to say, 'Is us on us the same as them on us?' ... We have to prepare our networks for a world where the user experience is going to be [controlled by] any number of different companies unique to the individual user."

Richard Epstein can make a sensible argument against Net Neutrality (government will screw things up,) but the AT&T advocates in D.C. apparently can't. At least one said equal treatment would be impossible, foolishly contradicting his CTO, SVP, and CEO Ed Whitacre testifying in the Senate. Kim Hart reported DC opinions that U-Verse spending would be decimated if the rules went through, a silly notion. Cable is clobbering them where they don't have U-Verse and they can't afford to cut it back.

Written by Dave Burstein, Editor, DSL Prime

Follow CircleID on Twitter

More under: Access Providers, Broadband, Mobile, Net Neutrality, Policy & Regulation, Telecom

According to a report released today by Nominet, UK's domain name registry, 77% of British consumers prefer to use a .uk rather than a .com when searching for information on the Internet. The report also indicates that despite the current economic climate, the global domain name industry has seen an 8% growth with 187.6 million domain names registered worldwide. "Generic top level domains (gTLDs), such as .org and .com, have grown on average by 6% whilst the country code Top Level Domains (ccTLDs) including .uk and .de (the German registry) fared slightly better and together generated a 10% average growth in registrations," says Nominet.

Phil Kingsland, Director of Marketing and Communications at Nominet, comments: "The findings show that businesses must now pay attention to Internet brand awareness and marketing strategies that are in line with consumer expectations. It is a global marketplace, but what we are seeing is that consumers trust and rely on a more local touch point with a brand."

For a full copy of the Nominet Domain Name Industry Report 2009, click here.

Follow CircleID on Twitter

More under: Domain Names, Domain Registries, Top-Level Domains, Web

According to a report released today by Nominet, UK's domain name registry, 77% of British consumers prefer to use a .uk rather than a .com when searching for information on the Internet. The report also indicates that despite the current economic climate, the global domain name industry has seen an 8% growth with 187.6 million domain names registered worldwide. "Generic top level domains (gTLDs), such as .org and .com, have grown on average by 6% whilst the country code Top Level Domains (ccTLDs) including .uk and .de (the German registry) fared slightly better and together generated a 10% average growth in registrations," says Nominet.

Phil Kingsland, Director of Marketing and Communications at Nominet, comments: "The findings show that businesses must now pay attention to Internet brand awareness and marketing strategies that are in line with consumer expectations. It is a global marketplace, but what we are seeing is that consumers trust and rely on a more local touch point with a brand."

For a full copy of the Nominet Domain Name Industry Report 2009, click here.

Follow CircleID on Twitter

More under: Domain Names, Domain Registries, Top-Level Domains, Web

For years now, there have been calls for a high-level cybersecurity official, preferably reporting directly to the president. This has never happened. Indeed, there is a lot of unhappiness in some circles that President Obama has not appointed anyone as "czar" (or czarina), despite the early fanfare about the 60-day cybersecurity review. There are many reasons why nothing has happened, I'm sure, up to and including high-level disagreement over the need for such a post. But another reason, I suspect, is that there are (at least) three different roles that need to be filled. The different roles have different needs and different responsibilities, but all are very difficult.

The first role is effectively as chief security officer for .gov. That is, the government—and I'm speaking of the civilian sector, not the military—has a vast IT complex. Securing any one part of the government is very hard; securing all of it may be impossible. The czar's role, though, is to cadge, cajole, or coerce many different departments into doing something. Given how independent the departments are, it wouldn't be easy. Presidential authority might help, but Truman predicted that Eisenhower would say "Do this! Do that! And nothing will happen". A czar, by definition lower-level than the president, would have an even more frustrating time.

There have been attempts to set a single security policy for the government. The Federal Information Security Management Act (FISMA) tried it; unfortunately, it appears to have turned into yet another exercise in security by checklist. Beyond that, there's a more subtle problem: a proper security posture is site- and application-specific. The requirements for securing, say, an informational web server are very different than what an EPA monitoring project might use when polling air quality sensors around the country. One size does not fit all; a centralized policy won't work very well.

Some things, such as intrusion monitoring, might (or might not) be better off centralized. Detailed security policy is probably better off decentralized—if different departments will do it properly. The key to that is finding the right incentives, since we're not dealing with profit-making organizations for which money is a suitable metric. That, I think, is the challenge for securing .gov. It is not clear that a high-level czar would help; one cannot enforce a policy if that policy doesn't exist.

The second role I see for a cybersecurity czar is providing policy advice to the president. Cybersecurity (and cyber policy in general) are cross-cutting issues. Do you want a smart power grid? How will you secure the sensors, the actuators, and the computer systems that talk to them? Hunting cybercriminals? Is there a suitable agreement with the country they're in? Improving education by providing computers to schools and libraries? How will these be secured? The president needs to hear advice on such issues, from someone with a very broad grasp of not just cybersecurity, but the fields in which there may be security concerns. There needs to be someone at a very high level advising the president on such issues, but should this advisor report directly to the president, or just be part of an office of science and technology policy?

The cybersecurity advisor has another big responsibility, though: devising a national strategy. What policies should the government pursue to help improve the overall security of computers in general? To give one example, many people have advocated a liability-based model: make vendors liable for for problems caused by their security flaws, and let the market work its magic. Is this a good idea? Someone needs to look into this in detail, and make a recommendation to the president. Others having suggested replacing the Internet with something newer and more secure. Will this help? What about broad, national initiatives, like electronic health records, where the security and privacy risks are pervasive? All of these have very deep implications; someone needs to advise the president about them. Again, though, at what level should this advice be given, directly to the president or at one remove?

The third major cybersecurity role is liason to the private sector. Most of the national computing capability is in private hands; what these organizations and people do has a great impact on the nation's cybersecurity. Some changes can be accomplished by legislation or regulation, especially in critical infrastructure sectors; others, though, require persuasion. For example, suppose it was concluded that ubiquitous encryption would be a tremendous security advantage. The cybersecurity liason would try to jawbone vendors, web sites, etc., into implementing this. Does this need presidential access? It wouldn't seem to, but as Theodore Roosevelt noted, the presidency is a bully pulpit; the further the cybersecurity liason is from the center of power, the less influence he or she would have.

These, then, are the three roles: government CSO, cybersecurity advisor, and cybersecurity liason. The first and last need the presidency's power; the middle needs access. Is this one person, two, or three?

I'm certainly not privy to the debates going on inside the White House. I suspect, though, that some variant of the questions I've posed—the exact role and (especially for the CSO option) powers this person would have—are the reason for the delay. I also suspect that trying to combine all three roles in one position is counterproductive; the necessary skills are very different.

Written by Steven Bellovin, Professor of Computer Science at Columbia University

Follow CircleID on Twitter

More under: Security