Insights | White Papers
Interisle is focused on resilient systems, networks, and organizations. Our knowledge base spans a very wide range of subjects that inform our system-level approach to resilience. The publications listed on this page capture some of the conclusions we've reached after thinking about these issues for a long time.
In the policy realm what we call “Internet issues” are not actually “Internet” issues—they are well-pedigreed social, political, cultural, and economic issues, for which we clever technologists have provided a rich new environment in which to grow and multiply. It follows that the people best prepared to tackle “Internet” issues may be thoughtful professionals in fields such as behavioral psychology, linguistics, sociology, education, history, ethnology, and political science&mdashnot (exclusively) “Internet experts.” Interisle principal Lyman Chapin suggests a broadly interdisciplinary approach to what have traditionally been considered “Internet” issues in “It's Not About the Internet,” which appears in the 50th Anniversary issue of the ACM SIGCOMM Computer Communication Review.
Domain names that can be rapidly acquired, used in an attack, and abandoned before they can be traced are a critical resource for cybercriminals. Some attacks, including spam and ransomware campaigns and criminal infrastructure operation (e.g., “botnets”), benefit particularly from the ability to rapidly and cheaply acquire very large numbers of domain names—a tactic known as bulk registration. When cybercriminals can register hundreds or thousands of domain names in a matter of minutes, an attack can be widely distributed to make detection, blocking, and dismantling more difficult and prolonged. The use of bulk registration to distribute attacks across hundreds or thousands of domain names in matters of minutes, coupled with the crippling of registration data access by the Temp Spec, presents cybercrime investigators with the dual impediments of harder-to-pursue criminal activity and harder-to-obtain information about the criminals. Interisle researchers report on the “weaponization” of bulk-registered domain names in “Criminal Abuse of Domain Names.”
The Internet is not so much a thing than a phenomenon, a fortunate outcome of a series of historical decisions that enabled technological innovation while introducing new communications models that have proven to be transformative for industry, the economy, and society. But some of the decisions made by the FCC over the past 15 years have resulted in what is at least a perceived, and possibly material, risk to the continued vitality of the open Internet. The FCC has lacked a clear understanding of how the Internet itself works, and thus some of its proposals to preserve its openness risk doing more harm than good. The best way to protect Internet openness is to prevent it from being compromised by monopoly service providers while, at the same time, not strangling it with excessive regulation. This delicate but essential balance can be achieved by well-informed appreciation of the way in which the Internet functions as a voluntary and largely self-regulating federation of public and private actors, applying formal regulation only where necessary to safeguard the principle of openness. We thus propose "Protecting and Promoting the Open Internet", restoring a layered approach, which would apply common carrier regulation and open access to the lower layers of access networks, not to the Internet itself.
Studies of Internet Service Provider (ISP) interconnection arrangements have been performed from many different perspectives, including the technical architecture of exchange points, the business and economic models that underlie peering and transit agreements, and the interaction between market-driven interconnection arrangements and public policy (at both the national and international levels). The Interisle white paper "Interconnection and Peering among Internet Service Providers" provides an historical context for, and concise summary of, the evolution of ISP interconnection-how it originated, how it developed, and how it is practiced today. It describe the way in which the self-organized and self-regulating structures that govern today's global Internet-including the arrangements that enable ISPs to connect their networks to each other-have evolved naturally, over a period of roughly 35 years, according to principles that are deeply embedded in the Internet architecture.
"Authentication" sounds like a straightforward exercise-to determine, to some level of assurance, that a party is entitled to a specific set of credentials (i.e., a procedure or mechanism to test an entitlement claim)-but in practice, especially for financial transactions, it is anything but. The Interisle white paper "Authentication Issues for Financial Services" presents a model for placing authentication in context; examples of modern authentication problems, such as "identity theft", the role of biometrics, the non-repudiation myth, and consumer/merchant authentication; some real-world requirements; and an assessment of who wins and who loses as financial transaction system authentication mechanisms evolve.
Enhancing business resilience is not just about ordering extra communications lines or even about building backup data sites. It's the result of applying a consistent, strategically grounded and analytically sophisticated approach to a number of technical, organizational, and process issues. Far more than just an "insurance premium" against disaster, the process of creating resilient business and technical architecture can be a critical catalyst for positive organizational change (e.g., cost reduction, process improvement, and increased customer focus). This Interisle whitepaper on Fostering Business Resilience introduces the concepts and gives key details.