Interisle Consulting Group

Resilient systems and networks position your organization to thrive under any circumstances—to respond dynamically to new technologies, new business opportunities, and new threats in an ever-changing world.

Interisle's world-renowned Internet and public safety networking experts know that what matters most about technology is how it helps you achieve your objectives.

We look beyond the impersonal canned solutions promoted by traditional large consulting firms, working closely with our clients to find the enduring architectural foundation that unites technology and business strategy to create sustainable value. Everything we do is focused cleanly and efficiently on your specific situation—all of our consultants are seasoned professionals with international reputations, and we don't waste your time (or money) on anything that doesn't directly benefit your business.


When the answer isn't obvious.



Exposing and Documenting Abusive Internet Behavior (29 April 2019)
Today's Internet is increasingly polluted by malware, phishing, scams, and other forms of abuse that degrade the online environment on which so much of our economic, social, and political lives rely. These abuses erode user confidence and inflict serious harm on individuals and organizations in every part of the world. Countering them is at the top of everyone's list. But accurate information about abusive behavior on the Internet is surprisingly hard to obtain. This frustrates efforts to protect Internet users from abuse, and to change the environment in positive, lasting ways.
ICANN's Domain Abuse Activity Reporting (DAAR) project is a system for studying and reporting on abusive behavior across top-level domain (TLD) registries and registrars. But DAAR reports only aggregated data on gTLD registries; it does not associate any metrics directly with specific registries, does not include information about registrars, and omits ccTLDs entirely. As such it does not give organizations or individuals the information they need to make decisions about how to safely and efficiently interact on the Internet. Achieving a safer Internet requires a trusted, neutral, public clearinghouse to collect, publish, and persistently store information that categorizes and quantifies Internet identifier system behavior, which can be used to deploy security measures, demonstrate the effectiveness of security or other administrative controls, inform policy makers, and conduct research.

Conservative abuse reporting throws new TLD program under the bus (19 February 2019)
ICANN has released a January 2019 domain abuse report generated from the Domain Abuse Activity Reporting system (DAAR). DAAR is a system for studying and reporting on domain name registration and security threat (domain abuse) behavior across top-level domain (TLD) registries and registrars. It provides a distribution of domains identified as security threats and a breakdown of security threats by class for all new and legacy registries for which the DAAR project can collect TLD zone data. But the report provides only aggregated summary statistics for TLDs, in pie-chart format; these “findings” are misleading and do not represent actionable intelligence. The report also omits registrar information. By failing to be open and transparent about the high levels of abuse in specific new TLDs and registrar portfolios, ICANN actively frustrates efforts to promote Universal Acceptance of domain names and email addresses and calls future new TLD delegations into question.

Read Dave Piscitello's Security Skeptic blog post: Conservative abuse reporting throws new TLD program under the bus.

APWG and M3AAWG Survey Finds ICANN WHOIS Changes Impede Cyber Investigations (20 October 2018)
Dave Piscitello's The Security Skeptic blog has a column focusing on how ICANN's "Temporary Specification for gTLD Registration Data" has affected access and usage of domain name registration by cyber investigators and anti-abuse service providers.

Read Dave's column and follow Dave's Security Skeptic blog.

Regulating Internet Service As a Utility: The Devil, As Always, Is in the Details (4 February 2015)
On the heels of President Obama's call last November for the FCC to take a stronger regulatory position with respect to "net neutrality," FCC Chairman Tom Wheeler is expected to share a proposal with the other Commissioners tomorrow that will set up a vote 3 weeks later on new rules for Title II regulation of "Internet service." What this means, however, is not clear from the way in which terms like "net neutrality" and "Internet service" are used by reports in the popular press, such as this recent article in the New York Times:

In Net Neutrality Push, F.C.C. Is Expected to Propose Regulating Internet Service as a Utility (NYT 2/2/15)
"It is expected that the proposal will reclassify high-speed Internet service as a telecommunications service, instead of an information service, under Title II of the Communications Act..."

The details are even more important than usual in this context, as Interisle's comments to the FCC ("Protecting and Promoting the Open Internet") describe — in detail. Our conclusion is that "[s]ervice providers should be required to make the telecommunications layer of their networks available to any requesting party on a common carrier basis, subject to Title II regulation, especially Sections 201, 202, 208, and 254." Read the full paper for a clear explanation of the issues.

The Internet Assigned Numbers Authority in Transition (15 December 2014)
The Internet Assigned Numbers Authority (IANA) has been responsible for making and publishing the assignments of Internet names and numbers, including DNS domain names and Internet Protocol (IP) addresses, for more than 40 years. The IANA functions are currently performed by the Internet Corporation for Assigned Names and Numbers (ICANN) under a set of agreements that includes a contract with the National Telecommunications and Information Administration (NTIA) of the U.S. Department of Commerce.

On 14 March 2014, NTIA announced that it intended to end its oversight of the IANA functions, and asked ICANN to launch a multistakeholder effort to propose a non-governmental alternative. As part of that effort, ICANN's Security and Stability Advisory Committee (SSAC) has prepared and published a set of three Advisories: SAC067, "Overview and History of the IANA Functions"; SAC068, "Report on the IANA Functions Contract"; and SAC069, "Maintaining the Security and Stability of the IANA Functions Through the Stewardship Transition." Interisle partner and SSAC member Lyman Chapin co-authored all three Advisories.


Interisle News

June 2019
Whois is lost

In the aftermath of GDPR's establishment, ICANN's policies for access to domain registration data (Whois) have created adverse consequences for investigations into terrorist activities, political influence campaigns and cybercrimes, creating serious threats to public safety. In this APWG monograph, APWG Board Member and Interisle Principal Dave Piscitello explains exactly how Whois data is employed during preventative and forensic cyber investigations — and how ICANN's interpretation of GDPR in particular also delays development of programmatic machine-driven responses that are widely used to maintain public safety and are vital to the long-term viability of the Internet as a governable domain

May 2019
EU Directive on Security of Network and Information Systems

European Union Directive 2016/1148 (NIS) is the first EU-wide legislation on cybersecurity. Although the EU's General Data Protection Regulation (GDPR) has received almost all of the world's attention, the impact of the NIS on network operators is potentially far greater. Interisle's Jim Reid presented On the Implementation of the EU NIS Directive at the ICANN DNS Symposium on 10 May 2019; it's an excellent introduction to the Directive and its consequences. You can listen to Jim's presentation here until June 13, 2019

May 2019
Network Collective Podcast on EU GDPR

The European general data protection regulation (GDPR) went into effect nearly a year ago. The regulation applies to EU citizens and residents, but the adoption of the regulation and subsequent compliance implementations impact cybersecurity and influence business practices globally. In this podcast episode, Dave Piscitello, Brian Honan, and host Russ White discuss how the regulation has influenced risk assessment for businesses that process personal data and highlight unintended consequences resulting from efforts to comply with the regulation. Listen to Episode 50 — GDPR

April 2019
Pioneers in Skirts

Dave Piscitello recently had the opportunity to preview Pioneers in Skirts, a character-driven documentary addressing gender bias. By revealing how women have overcome bias to succeed when circumstances conspire against them, the movie seeks to encourage cultures worldwide to adopt gender parity.
We at Interisle believe that Pioneers in Skirts is an important film for every work environment, a film that speaks to the issues present in the producers work world and beyond. Please read Dave's call to support Pioneers in Skirts.

February 2019
Dave Piscitello receives the M3AAWG 2019 Mary Litynski Award

The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) announced today that Interisle partner Dave Piscitello is the recipient of the 2019 Mary Litynski Award, which recognizes "the lifetime achievements of an individual who has significantly contributed to making the Internet safer, working far from the public eye over a significant period of time for the greater good." The Award was presented at the 45th M3AAWG meeting in San Francisco.

February 2019
APWG Publishes 2019 Mission Statement

The Anti-Phishing Working Group (APWG) has published its Mission Statement: "2019: A Critical Year for Privacy Rights, Data Protection and Public Safety", written by Interisle partner Dave Piscitello on behalf of the APWG Board of Directors.

February 2019
CAUCE welcomes Dave Piscitello to Board of Directors

The Coalition Against Unsolicited Commercial Email (CAUCE) announced the addition of Dave Piscitello to the Board of Directors. Dave's field and policy experience with exposing and mitigating the exploitation of domain names and the domain name system (DNS) by spammers, cyber-attackers, and cyber-criminals complements the law enforcement, threat research, and email abuse skill sets already present on the board. He will work with CAUCE to raise cross-community awareness of abuses and misuses of domain names and the DNS by studying and calling attention to policy vacuums and weaknesses, by promoting abuse reporting systems that can help governance bodies and lawmakers make informed decisions, and by delivering DNS investigations training programs for law enforcement.

July 2018
Dave Piscitello to join Interisle

David Piscitello, a widely respected security and cybercrime expert with an international reputation fighting criminal abuse of the Internet and its Domain Name System (DNS), will join Interisle Consulting Group upon his retirement from the International Corporation for Assigned Names and Numbers (ICANN). He brings 40 years of experience with network security practices; cybercrime policy, mitigation, and response; and DNS abuse investigation training. For more information about Dave, see his brief bio or check out his recent publications at The Security Skeptic.

January 2018
Why People Hate ISPs

Underlying the debate on "network neutrality" is a pervasive negative attitude in the US towards ISPs. Interisle principal Fred Goldstein has written an article on this topic on TMCnet.









Privacy Statement

© Interisle Consulting Group