Cyber threats have grown exponentially and there is significant change in the global regulatory environment impacting cybersecurity and data protection. Strong internet governance is critical writes David Curtin, CEO of .IE, the national registry for .ie domain names.
The digital transformation of our economy and society has been monumental. With the ever-increasing digitalisation of personal and work life, it has become increasing evident that cyber threats, be they by criminals or nation-state actors, pose an evolving risk to the everyday working of society.
It is also a time of significant regulatory change. The EU Network and Information Security Directive (NIS2) regulations are upon us and must be implemented by member states by October 2024. This Directive aims to achieve a high common level of cybersecurity across EU member states and to create a high level of harmonisation with regard to security requirements and reporting obligations across the EU. It is essential that the Government and relevant organisations come together to ensure that businesses across Ireland are ready to implement the required regulations.
More than ever, the internet needs guardians, guides, and stewards to ensure and promote good internet governance.
At .IE, good internet governance permeates our strategic priorities. We seek to protect .ie domain holders and to adopt policies, processes and procedures that take account of the need for balance, having regard to the respective roles and responsibilities of our registrants, Registrars and internet users.
We promote and encourage national internet governance through consumer protection protocols, policies and security programmes that coordinate and shape the national namespace, in line with international best practices.
Managed registry model: Only individuals and businesses with a provable connection to Ireland can register a .ie domain, and applications from new customers are manually reviewed to ensure that they meet this requirement. This process keeps the .ie domain largely free from registrations by bad actors with their quick-moving scams and other illegal activities that unmanaged registries cannot detect as easily.
Consumer protection protocols: We have created consumer protection protocols with regulators to address online illegality and to permit ‘take-down’ of websites under certain circumstances. We operate a Regulatory Authority Protocol for dealing with illegal content on .ie websites. The regulatory authorities who we engage with include the Corporate Enforcement Authority, the Competition and Consumer Protection Authority, the Central Bank, the Garda National Cyber Crime Bureau and ComReg, in addition to the Food Safety Authority of Ireland, the Health Products Regulatory Authority and the National Transport Authority.
Dispute Resolution: We have an easy-to-use Dispute Resolution service with independent third party dispute resolution agencies – WIPO and EU Net Neutrals. We have proactively introduced anti-abuse measures, in cooperation with stakeholders (via our Policy Advisory Committee) and our Registrar channel.
Policies: We have a range of policies and rules to protect consumers, safeguard registrants and promote good internet governance. These can be found at www.weare.ie/our-policies.
Stakeholder dialogue and democracy: We welcome and facilitate this through our multi-stakeholder and consensus-driven Policy Advisory Committee.
In 2019, .IE was designated as an Operator of Essential Services (OES) under the original EC NIS Directive. Our technical services team provides a range of services, which underpin the .ie namespace, a critical part of Ireland’s national internet infrastructure. These services are important for every business, individual, community, or government service, which uses the .ie internet address.
Operating an essential service: We have a 20-year track record of investing in and developing the national domain name system (DNS) infrastructure, which is robust and resilient.
High availability mission-critical systems and services: Operating the national registry for the .ie namespace requires the highest levels of security, stability, and resilience of networks and infrastructure. We manage and maintain the registry’s high availability systems, mission-critical services and infrastructure in accordance with international best practices.
Managing the database of .ie domain names: The database is the authoritative record of who has the ‘right to use’ a particular .ie domain name. It is updated, in real time, for changes requested by Registrars, acting on the instructions of registrants. Registrars’ APIs can submit requests 24/7/365, so database uptime and resilience is of critical national importance. We also run zone file updates, 12 times every day.
Operating the WHOIS directory: The WHOIS directory is an online lookup service, which provides valuable information on every .ie domain name. This service is provided free of charge on our website, www.weare.ie. We do not show an individual’s personal information, in accordance with GDPR principles and requirements. Access is controlled with daily limits and fair usage policies apply. In 2020, the usefulness of the WHOIS service was extended with the addition of an abuse contact facility, in the public interest.
Tackling cybercrime: Our locking service prevents unauthorised changes to important .ie addresses and stops web hijacking. We offer cryptographic authentication for responses received from authoritative DNS servers (DNSSEC), providing a more secure Domain Name System (DNS) which reduces phishing risks. We also provide an additional layer of security to owners of a .ie domain name, free of charge. This service provides a constant scanning of .ie sites and involves instant notification to an SME’s hosting provider, who can help them take the corrective action once a scam has been detected. This is invaluable as it helps innocent victims, such as SMEs, who might be unaware that they have experienced a cyberattack, to take the required remediation action.
Adhering to internet security and standards: We adhere to official internet specifications, communications protocols and procedures published by the Internet Engineering Task Force (IETF), an open international community of network designers, operators, vendors, and researchers concerned with the evolution of the internet architecture and the smooth operation of the internet.
At .IE, we are passionate about enabling and empowering Ireland to leverage the internet for the good of its society and economy. With .ie domains, we provide a trusted pathway to unlock the power of the internet for people and businesses across Ireland.
Together with our partners, we are enabling a better Ireland online through our technical and policy-based guardianship of the national critical infrastructure.