In September 2023 the TLD ISAC was officially launched to promote cyber security. Let's take a look at the last year. What has been achieved?
TLD ISAC – What is behind this name?
European TLD ISAC stands for "Top-Level Domain (TLD) Information Sharing and Analysis Centre (ISAC)". Several country code Top Level Domains (ccTLDs) have joined in this center to promote cyber security. Strengthening the security and resilience of the national top-level domain registries in Europe, like DENIC, is the mission of the TLD ISAC. It brings together domain registry operators, security experts, and other stakeholders to share threat intelligence and to identify emerging trends. In a joint effort, they develop proactive measures to prevent and mitigate cyber attacks. By fostering a culture of trust, transparency, and partnership, the ISCA TLD aims to enhance the security posture of top-level domains in Europe and protect the digital economy's critical infrastructure.
The European TLD ISAC was formally launched in 2023 as a special working group within CENTR, the Council of European Top Level Domain Registries. CENTR has a long history of facilitating collaboration among its members, promoting their interests, providing essential services for them, and enabling collaboration and the trusted exchange of information. Therefore, establishing the European TLD ISAC was of high priority to Council.
The TLD ISAC has emerged from CENTR's security working group. The increasing security requirements in the area of operational IT, especially the cross-organisational, time-critical exchange of technical security information, made it necessary and reasonable to decouple the TLD ISAC from the working group for cyber security. By now, 16 members of the CENTR community support the initiative with additional funds and personnel resources. DENIC has been one of the 12 founding members and thus been involved from the very beginning in promoting the cyber security in Europe.
Today, the European TLD ISAC is an independent working group with its own mandate, budget, resources, management and its own identity.
Why a separate ISAC for TLDs?
As the name tells, the European TLD ISAC is focused on the top level domain registries in Europe. At present, only full members of CENTR that do business primarily in Europe can become members. This restriction keeps the number of active members small. And that's precisely why a separate ISAC for TLDs was launched. In a small group, trust builds up easier, and trust is the very basis behind the concept of an ISAC and vital for it to be successful. Moreover, the topics dealt with are tailored to this specific group.
Highlights of the TLD-ISAC since it was launched in 2023
The TLD ISAC has a wide range of activities. Next to a large number of new tasks it has taken over all ongoing projects of the CENTR cyber security working group.
CENTR Member Security Maturity Model (CM-SMM)
Particularly worth mentioning is the CENTR Member Security Maturity Model (CM-SMM). This is a standardised, hybrid measuring tool tailored to the needs of the industry that enables registries to assess their security maturity at a given point in time as well as measure the progress they make over time. Moreover, this standardised model can be used to determine the security maturity of the TLDs in Europe in general. The CM-SMM has been in existence since 2016 but was updated by the ISAC in 2024.
Threat Landscape Analysis (TLA)
New is the so-called Threat Landscape Analysis (TLA). This analysis, first performed by the ISAC in 2024, combines a systematic investigation and assessment of threats that might concern the TLD industry. The analysis aims to provide a comprehensive understanding of current and potential threats in order to develop suitable security measures and to optimise security strategies. The TLA also forms the basis for many future projects envisaged by the TLD ISAC.
Crisis management exercise
The crisis management exercise conducted by the TLD ISAC and previously tested at the 2024 CENTR meeting of all working groups, the so-called Jamboree, was also a great success. This exercise performed in the tabletop style aims at sharpening strategic thinking and decision-making in crisis situations and in interdisciplinary teams, without predefining or testing specific processes or procedures.
TLD ISAC Conference
Additionally, the community will hold already the second conference this year initiated and organised by the ISAC. Internal and external industry experts present the results of current research, the latest trends and best practices to further raise awareness of the great importance of DNS security, and share the latest news. There also is an exchange with regulators and policymakers. At the same time, a large share of the conference is dedicated to discussion and networking. Panel discussions, for example, provide a platform for exchanging ideas and experiences, while social events offer the ideal setting for establishing new contacts and strengthening existing relationships. Both are essential for the success of an ISAC.
Impact beyond the ISAC's borders
Besides all these inside activities, the members of the TLD ISAC are also active outside the group. They represent ISAC at international events, like those by ENISA, the European Union Agency for Cybersecurity, or at the EU ISAC conference. The crisis management exercise conducted for the first time at the annual member meeting of CENTR greatly impressed even ICANN, the corporation for assigning unique names and addresses on the internet. An exercise of the same type will therefore be carried out at ICANN before the end of this year.
Behind the scenes
This is just a small selection of the wide range of activities undertaken by the TLD ISAC. Much more is happening behind the scenes. The group has created a framework for long-term cooperation between the ISAC members, set up various platforms for exchanging information and a dedicated TLD ISAC website and also established a regular meeting for exchanging information on sensitive security incidents. And, of course, many other topics not mentioned here were discussed, which the ISAC members will advance in the future.
Conclusion
All in all, it can be said that the TLD ISAC is rendering a valuable contributing to DENIC's cyber security already now. The exchange of information and best practices will help to consolidate security and trust in the stability of the .de domain in the long term and thus indirectly also that of the domain holders. With its involvement, DENIC clearly demonstrates that the security of the internet infrastructure is a top priority and is continuously being developed to meet the challenges of a constantly changing digital landscape.