DNS Systemic Vulnerabilities and Risk Management: A Discussion

DEF CON 18

Presented by: Rod Beckstrom, Dan Kaminsky, Paul Mockapetris, Ken Silva, Mark Weatherford
Date: Friday July 30, 2010
Time: 12:00 - 12:50
Location: Royale 2-3-4
Track: Track 1

The experts on this panel will give their views on the systemic risks facing the DNS and on the measures that should be undertaken to remediate them. The panelists will discuss both the challenges and the security benefits that will arise from the implementation of DNSSEC.

Mark Weatherford

Mark Weatherford was appointed by Governor Arnold Schwarzenegger to his most recent position as Executive Officer of the California Office of Information Security and Privacy. In this role, he has broad authority over California’s cyber security activities and is responsible for state government information security program policy, standards, and procedures. He also oversees the first-in-the-nation Office of Privacy Protection, which provides information, education and privacy practice recommendations for consumers, business and other organizations on identity theft and other privacy issues. Mr. Weatherford previously served as the Chief Information Security Officer for the State of Colorado, where he was appointed by two successive governors to develop and lead the state information security program. A former U.S. Naval Cryptologic Officer, Weatherford led the U.S. Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team, and as a member of the Raytheon company he successfully built and established the San Diego Navy/Marine Corps Intranet Security Operations Center (SOC). Mr. Weatherford holds a BS from the University of Arizona and an MS from the Naval Postgraduate School. He is a member of the Multi-State Information Sharing and Analysis Center, the National Association of State Chief Information Officers, the Information Systems Security Association, and the Information Systems Audit and Control Association. He also holds Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications. Mr. Weatherford was recently awarded Information Security magazine’s prestigious “Security 7 Award” for 2008.

Ken Silva

Ken Silva: As Chief Technology Officer, Ken Silva oversees VeriSign's mission-critical Internet infrastructure that enables and protects billions of interactions every day across the world's voice and data networks. In this role, he oversees the network and information security for VeriSign's portfolio of digital infrastructure solutions that enable the world to securely communicate, conduct commerce and access the latest content. Mr. Silva's responsibilities include oversight of the technical and network security for a definitive database of millions of Web addresses in .com and .net - the world's most recognizable top-level domains. Responding to more than 30 billion DNS queries daily, the platform provides authoritative routing support for every Web address ending with .com or .net. Mr. Silva also oversees the management of two of the world's 13 Internet root servers, a.root-servers.net and j.root-servers.net, considered national IT assets by the U.S. Federal Government. Additionally, Mr. Silva coordinates the security oversight of the system that protects more than 750,000 Web servers with digital certificates, protecting the majority of secure Web sites on the Internet, including 93 percent of the Fortune 500 sites. Mr. Silva serves on the board of directors for the Information Technology, Information Sharing and Analysis Center (IT-ISAC) and is the Chairman of the board of the Internet Security Alliance. He also advises and participates in a number of national and international committees for organizations, including the National Infrastructure Protection Center (NIPC), White House ISP Security Panel, the ICANN DNS Security Panel, the Network Reliability and Interoperability Council (NRIC), and the National Security Telecommunications Advisory Committee (NSTAC). Mr. Silva previously served as VeriSign's first Chief Security Officer and vice president of technology strategy.
He joined VeriSign with more than 20 years of experience in the telecommunications and security industries. He came from the National Security Agency, where he served 10 years, most recently as executive technical director. Mr. Silva has served in various other leadership positions, taught courses at the National Cryptologic School, and served 10 years in the United States Air Force.

Paul Mockapetris

Paul Mockapetris is Chairman and Chief Scientist at Nominum, a company which supplies DNS and DHCP software to carriers and others. Paul is the inventor of the DNS protocol, and was the first implementer of SMTP. He believes he put the "S" in SMTP, and that complexity is the enemy. He is a veteran of several Silicon Valley successes and disasters.

Dan Kaminsky

Dan Kaminsky: chief scientist, Recursion Ventures

Rod Beckstrom

Rod Beckstrom is a highly successful entrepreneur, founder and CEO of a publicly-traded company, a best-selling author, avowed environmentalist, public diplomacy leader and, most recently, the head of a top-level federal government agency entrusted with protecting the nation’s communication networks against cyber attack. Throughout 2008, Rod served as the Director of the National Cybersecurity Center (NCSC) at the U.S. Department of Homeland Security, where he reported to the Secretary of DHS, and was charged with cooperating directly with the Attorney General, National Security Council, Secretary of Defense, and the Director of National Intelligence (DNI). Prior to joining DHS, he served on the DNI’s Senior Advisory Group. Rod is unique in having experienced the inner workings of two highly charged, often competing federal security agencies created in the wake of the September 11th attacks, an event that he says “changed my life.” Rod is widely regarded as a pre-eminent thinker and speaker on issues of cybersecurity and related global issues, as well as on organizational strategy and leadership. He is also an expert on how carbon markets and “green” issues affect business. While Director of the NCSC, Rod developed an effective working group of leaders from the nation's top six cybersecurity centers across the civilian, military and intelligence communities. His work led to his development of a new economic theory that provides an explicit model for valuing any network, answering a decades-old problem in economics. Rod co-authored four books including The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations, a best-selling model for analyzing organizations, leadership styles, and competitive strategy. The Starfish and the Spider has been translated into 16 foreign editions and is broadly quoted.
At age 24, Rod started his first company in a garage apartment and, subsequently, grew it into a global enterprise with offices in New York, London, Tokyo, Geneva, Sydney, Palo Alto, Los Angeles, and Hong Kong. CATS Software Inc. went public and was later sold. Nobel Laureates Myron Scholes and William F. Sharpe served on the company's boards of directors and advisors. While at CATS, Rod helped advance the financial theory of “value at risk,” now used globally for all key banking risk management. Rod co-edited the first book to introduce “value at risk.” Rod also co-founded Mergent Systems, a pioneer in inferential database engines, which Commerce One later acquired for $200 million. He has co-launched other collaborations, software, and internet service businesses as well. From 1999 to 2001, he served as Chairman of Privada, Inc, a leader in technology enabling private, anonymous, and secure credit card transactions over the internet. In 2003, Rod co-founded a global peace network of CEOs which initiated Track II diplomatic efforts between India and Pakistan. The group’s symbolic actions opened the borders to people and trade, and contributed to ending the most recent Indo-Pak conflict. It's one of several non-profit groups and initiatives Rod has started. He now serves on the boards of the Environmental Defense Fund, which Fortune Magazine ranked as one of the seven most powerful boards in the world, and Jamii Bora Trust, an innovative micro-lending group in Africa with more than 200,000 members. He is a graduate of Stanford University with an MBA and a BA with Honors and Distinction. He served as Chairman of the Council of Presidents of the combined Stanford student body (ASSU) and was a Fulbright Scholar at the University of St. Gallen in Switzerland. Rod commenced as President and CEO of ICANN on 1 July 2009.

