On-Prem

Networks

Ukraine invasion: We should consider internet sanctions, says ICANN ex-CEO

Keep Russia's citizens online but block its military networks, say


The former head of ICANN, two EU parliamentarians, and a handful of technical, security, and legal experts on Thursday plan to publish an open letter to the internet governance community arguing that the time has come to develop a targeted internet sanctions system.

The letter [PDF], provided in draft form to The Register, follows a request by Ukrainian government officials for all Russian web domains, revoking HTTPS certificates, and other technical interventions.

Ukraine's request for these online sanctions was rejected by internet administrative bodies ICANN and RIPE (Regional Internet Registry for Europe, the Middle East and parts of Central Asia) on the basis that the punishment was too broad and would have too many undesirable consequences.

But the letter's signatories – Bart Groothuis, member of EU parliament, Netherlands; Bill Woodcock, executive director of Packet Clearing House; Ihab Osman, non-executive director of ICANN, Felix Reda, former member of EU parliament, Germany; Mike Roberts, founding president and former CEO of ICANN; Jeff Moss, president of DEF CON; Niels ten Oever, post-doc researcher at the University of Amsterdam; Runa Sandvik, security researcher; and Kurt Opsahl, deputy executive director and general counsel of the Electronic Frontier Foundation – argue something ought to be done.

The signatories contend the internet governance community has reached a level of maturity that brings with it the responsibility to consider how to respond to humanitarian crises. The letter, they say, represents the beginning of a global internet governance conversation about the appropriate scope and feasibility of internet sanctions.

"We believe that, although the specific sanctions suggested by the Ukrainian Ministry of Digital Transformation are overbroad and would harm civilians, there are well-established mechanisms by which existing forms of internet abuse, such as spam, malware, phishing, and cyber-attacks are controlled, and that these mature mechanisms can easily be extended to communicate specific IP addresses and domain names of sanctioned entities," the letter says.

"In the case of the Russian attack on Ukraine, the Russian military, their propaganda organs, and any dual-use facilities should be in-scope, while the civilian population should be out-of-scope. Sanctions should meet tests of proportionality, efficacy, implementability and reversibility, and non-overreach."

The group proposes the establishment of a multi-stakeholder mechanism similar to NSP-SEC or Outages, which, following deliberation and consensus, would publish sanctioned IP addresses and domain names in public feeds. Entities subscribing to those feeds could then choose to observe the sanctions, thereby limiting access to the identified resources.

"We call upon our colleagues to participate in a multi-stakeholder deliberation using the mechanism outlined above, and decide whether the IP addresses and domain names of the Russian military and its propaganda organs should be sanctioned, and to lay the groundwork for timely decisions of similar gravity and urgency in the future," the letter concludes. ®

Send us news
102 Comments

What does it mean to build in security from the ground up?

As if secure design is the only bullet point in a list of software engineering best practices

Trump admin's purge of US cyber advisory boards was 'foolish,' says ex-Navy admiral

‘No one was kicked off the NTSB in the middle of investigating a crash’

Infosec was literally the last item in Trump's policy plan, yet major changes are likely on his watch

Everyone agrees defense matters. How to do it is up for debate

US freezes foreign aid, halting cybersecurity defense and policy funds for allies

Uncle Sam will 'no longer blindly dole out money,' State Dept says

Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards

And: America 'has never been less secure,' retired rear admiral tells Congress

Trump scrubs all mention of DEI, gender, climate change from federal websites

Meanwhile, the Internet Archive races to save what it can – again

Biden signs sweeping cybersecurity order, just in time for Trump to gut it

Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive

White House asks millions of govt workers if they would be so kind as to fork right off

Unions fear federal staff purge and RTO will spark chaos for Americans

One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers

But we mean, you've had nearly four years to patch

Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek

Oh someone's in DeepShi...

The curious story of Uncle Sam's HR dept, a hastily set up email server, and fears of another cyber disaster

Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings

Google to Iran: Yes, we see you using Gemini for phishing and scripting. We're onto you

And you, China, Russia, North Korea ... Guardrails block malware generation