By Adrian Kinderis
I am pleased to announce the release of the sixth edition of AusRegistry’s industry report, Behind the Dot: State of the .au Domain.
Trust is an integral aspect of the .au namespace. Our .au survey has consistently shown that Australian Internet users are more likely to trust a website that ends in .au and that they associate .au domain names with Australian entities.
Maintaining this trust is of vital importance to us at AusRegistry; not only to ensure the continued growth of the .au namespace but also to fulfil our commitment to Australia’s Internet community and establish .au as a global leader.
It is for this reason we’ve dedicated this edition of Behind the Dot to the important theme of security.
A significant tool for protecting our country’s online ecosystem has been the implementation of DNS Security Extensions, otherwise known as DNSSEC. In this edition, we’ve examined DNSSEC in detail to outline how it works and who should consider implementing it.
Online security is not, however, an issue solely for Registries. Major brands and individuals alike can and should take essential steps to ensure their data, assets and reputations are protected from online attacks. This edition of Behind the Dot contains a close look at some of the major global brands that have been threatened by hijackers, as well as some of the risks to individual domain name registrants and some tactics for addressing them.
We’ve also called upon some of Australia’s leading security experts for their tips and insights on staying safe online. CERT Australia Technical Director, Dr Jason Smith gives us his views on cyber security issues affecting critical infrastructure, while Bruce Matthews, Cyber Security Manager at the Australian Communications and Media Authority (ACMA) provides an overview of the Australian Internet Security Initiative. Finally, Robert Schischka of nic.at, the Registry for the Austrian country code Top-Level Domain, offers an international perspective on DNSSEC.
In addition, we’re delighted to have the contribution of a number of our .au Registrars in this edition, to give their predictions for the year ahead in .au and the domain name industry abroad. We look forward to continuing this inclusion of Registrars in future editions and encourage your input.
It is my pleasure to present the sixth edition of Behind the Dot: State of the .au Domain. If you would like to arrange for printed copies, please reach out to your AusRegistry representative. As always, we welcome your feedback and input on the magazine and thank you for reading.
By Adrian Kinderis
9 Nov 2015
I’m pleased to present the fifth edition of AusRegistry’s quarterly industry magazine, Behind the Dot – State of the .au Domain.
In this edition of Behind the Dot, we present the inaugural .au zone file analysis – a comprehensive examination of the namespace’s 3 million domain names and their websites. This is the first time an analysis of this kind has been conducted and presents insights that have never before been publicly available.
By cross-examining this data with other sources ranking the top-performing websites in the .au namespace, we’ve also been able to gain a fascinating view of the strategies employed by the ‘best of the best’ in .au. Several of these findings have been explored in greater detail throughout Behind the Dot.
The data collected from this research creates a benchmark for analysis in the future on the trends of website development and best practice design in Australia.
Continuing the theme of innovation and collaboration, the last few months have been an exciting and eventful time for the .au namespace as a whole, with industry events bringing together the wider Australian Internet community and encouraging collaboration and growth.
October saw more than 20 executives from .au Registrars meet in Melbourne for AusRegistry’s .au Registrar Executive Day. This marketing and sales-focused day was designed to offer valuable insights from industry experts into conducting business online, while also providing a forum for frank discussion.
The feedback gathered on the day helped identify a number of action points for the development of our namespace and will inform future Registrar Executive Days.
Last month also brought the au Internet Governance Forum (auIGF), hosted by .au Domain Administration (auDA) at the Park Hyatt hotel in Melbourne. The auIGF was a two-day program of panels, workshops and presentations featuring an incredibly diverse array of speakers from across the Internet community.
Sessions were held that represented all aspects of the online experience – from the technical aspects to social and cultural elements. Topics included security and dispute resolution in the .au space, as well as many social and business topics such as online engagement and involvement, the Internet and Indigenous community and using the Internet for business start-ups.
One clear highlight was the opening session on Gender and the Internet, featuring an incredibly engaging and intelligent panel of experts and commentators including journalist and broadcaster Tracey Spicer and Head of Public Policy, Australia & SE Asia for Twitter Julie Inman-Grant.
The AusRegistry team was also well-represented at the auIGF with General Counsel David Carrington moderating a panel on metadata retention in Australia and Information Security Officer Mark Culhane a highly-praised member of the ‘Security in .au’ workshop panel.
The questions and comments posed by attendees throughout the auIGF demonstrate not only the dynamism of our industry but also the high levels of engagement and passion within this community. Events like the auIGF provide a valuable forum for members of this wider group to gain more information and contribute their thoughts, ideas and skills to the betterment of our industry.
The fifth edition of Behind the Dot: State of the .au Domain is available from the AusRegistry Research page. We thank you for your interest in the .au namespace.
By Adrian Kinderis
17 July 2015
I am pleased to present Edition 4 of our quarterly industry report, Behind the Dot – State of the .au Domain. The report can now be accessed via the AusRegistry Research page.
The last few months have been very eventful for the team at AusRegistry, as our parent company Bombora Technologies was acquired by information services company Neustar, Inc. As this change in shareholders provides an exciting opportunity for the company to grow and strengthen, AusRegistry will continue to be the technology provider for all second-level .au domain names and the same team and management will continue to operate from our Melbourne offices.
This edition includes the much anticipated annual .au Survey Report for 2015. Incorporating the survey is a first for Behind the Dot – a fantastic initiative which allows us to provide some interesting insight into some of this year’s findings.
Another noteworthy event this quarter is .au’s recent 3 millionth domain registration. The artwork on the front cover of this report is a wonderful tribute to this achievement. It so accurately portrays the complexity that lies behind the running of a namespace. Having been part of the domain industry since 2000, I am particularly proud of the important role AusRegistry has played in keeping Australians online by creating a stable and secure environment in which to operate.
The Domain Name Journal recently featured an article that refers to .au as a ‘venerable’ namespace, which is a particularly apt description. As one of the oldest ccTLDs – approaching 30 years in operation – it has grown over time to become Australia’s premier domain space. It remains among the top 10 ccTLDs for domains under management, which is truly significant for a country of fewer than 24 million people. In many respects .au has been somewhat of a trailblazer in relation to policy, marketing and security initiatives. A detailed timeline (2002 - 2015) outlining some of .au’s important milestones can be found in the background section of the survey report. Looking back, I find it astounding to see how much has been achieved in this period of time.
Whilst it is important to ‘stop and smell the roses’ in acknowledging our achievements so far, the 3 millionth registration is also a perfect time to look towards the future. The survey findings have raised some interesting discussion points this year with respect to the next generation of .au registrants. A slight shift away from domain holders towards non-.au domains raises a number of questions as does the very notable change in how respondents navigate online content. The two ‘focus’ pieces in the survey report look at these two issues and provide a balanced industry perspective.
As we attempt to navigate the uncharted territory of new gTLDs, I am a firm believer that the cream always rises to the top. .au has a long history of responding to market need and auDA’s current Names Policy Panel review, more specifically discussing whether .au should be opened up to direct registrations at the second level, is one way in which Australians can support innovation in the market and continue to look at .au as the premier domain name option in Australia. I urge readers, if they have not done so already, to learn more about the Names Panel and get involved - http://www.auda.org.au/policies/panelsand-committees/2015-names-policy-panel/
You can access Edition 4 of Behind the Dot, as well as all previous editions on the AusRegistry Research page. We encourage your feedback, and thank you for reading and supporting the .au domain namespace.
By George Pongas
General Manager, AusRegistry Naming Services and auDA Board Director
24 August 2015
This article was originally published in Edition 4 of ‘Behind the Dot: State of the .au Domain’ report in August 2015. You can access the full report from the AusRegistry Research page.
July 2015 marked a milestone month for the .au domain space as we passed 3 million domain names under management, an achievement that places us within the top 10 of all country codes globally by volume.
While it’s important to acknowledge the hard work across the industry that got us to this position, we must also address the critical question of competition in an increasingly crowded market: Where will the next 3 million .au domain names come from?
The harsh reality is that .au, as with many country code domains, is facing major challenges.
The 2015 .au Survey suggests Australian domain holding levels are in decline (21% of the population, of which 61% are under one of the .au second levels). No matter how you spin it, the introduction of new Top-Level Domains has created increased competition. We’re also seeing considerable encroachment from search engines as the default tool for navigation.
It’s important to note there are strong indicators that demand for the next 3 million domains will increase. Australian Bureau of Statistics data released in June 2015 shows more than half of all Australian businesses still don’t have an online presence, with just under 20% of medium-sized Australian businesses invisible on the web.
If all of these businesses registered one .au domain name today, it would account for an additional 1 million domain name creates.
We know that .au domain holding is concentrated under com.au, with stagnant growth in the other second-level names. For me this is a clear indicator that the current policy framework fails to meet the needs of individuals.
The com.au is a commercial zone; therefore Australians seeking to establish their digital presence must choose the id.au domain name. With only 13,143 id.au domain names under management, individuals are likely turning to other options to get online – forgoing their connection to an Australian online identity.
Interestingly, in 2014 there were 13,331 id.au domain names under management which represents a drop of 188 domains over the year, but the 2015 .au Survey results indicated an increase for personal use domain names from 9% in 2014 to 12% in 2015.
While there’s a lot to love about .au, it’s time to acknowledge the facts: we need to innovate and reposition for growth.
Time for change
Next year, .au will turn 30 years old. In terms of the product lifecycle, the namespace saw its strongest performance during the growth years of 2002 to 2010. Prompted by market forces, growth is now beginning to plateau in the mature stage of the .au lifecycle, so we need to reposition the .au product by stripping away some existing attributes and adding surprising new ones. Only then will we shift backwards through maturity and into the growth phase again.
History of innovation
The most effective way to reboot a product in decline is to look to innovation to refresh the offering. The great news is we have a rich history of innovation in the .au landscape.
In 2000, .au Domain Administration (auDA) was appointed to administer the namespace and introduce a new policy regime to stimulate .au domain registrations. This led to the auction of 3,000 previously reserved generic domain names in 2001, which was warmly embraced by the market.
In 2002, auDA liberalised the retail market and introduced a competitive model with Registrars, which resulted in strong growth and competition. Then in 2006, auDA updated the policy framework to allow for domain name monetisation with a change to the rule that stated registrations needed to be closely and substantially connected to the registrant.
Again in 2008, auDA changed its longstanding policy and allowed changes in how .au domains were held, which spurred the creation of a .au aftermarket which again stimulated strong growth.
It’s now 2015 and the namespace is again ripe for innovation.
The path to the next 3 million domains
It’s clear that in order to achieve the next 3 million .au domains, the namespace needs to innovate and match our competitors in the marketplace.
The current auDA 2015 Names Policy Panel* is investigating whether policy changes should be implemented to allow second-level direct registration of domain names under .au (eg: www.name.au instead of www.name.com.au). Other mature market country codes such as the United Kingdom’s .uk and New Zealand’s .nz have recently changed their rules allowing direct registrations under the Top-Level Domain.
For .au to remain relevant, we need to innovate and match other products in the market. The introduction of shorter, new Top-Level Domains and the policy reforms of other country codes may mean the second-level structure of .au no longer demonstrates good market fit. This is exactly what the auDA Names Policy is considering, following the public consultation period (further feedback from the community will be sought during future rounds of consultation).
With the increase in choice and variety of new Top-Level Domain options available to consumers, registrants have access to simple and easy to remember domain names. The .au extension heralds to the rest of the online world a connection to Australia. How many people outside of industry truly understand what the com, net, org or id means in com.au, net.au, org.au and id.au? The Australian domain name industry must cater to all customers and not just industry – we are not the customer!
Direct registration under the .au Top-Level is exactly the type of innovation that .au requires to reinvigorate the namespace and position it for growth. Given .au only has one unique selling proposition – that it’s a signifier for Australian content online – we need to future-proof this position.
Opening .au to direct registrations will augment the well-earned position the namespace holds as Australia’s trusted home online. Importantly, it will ensure .au maintains market relevance, and the fewer keystrokes needed in a mobile-oriented web is certainly one driver for evolution.
Achieving 3 million domains is great, but it is not the finishing line and we now need to acknowledge the future challenges we face in the market. It is vital that we protect this national asset and honour the investment made in the namespace with every domain name sale to date.
By George Pongas
General Manager, AusRegistry, and auDA Board Director
*Disclosure: I’m a panel member of the auDA 2015 Names Policy Panel.
AusRegistry submitted a position paper to the panel for consideration.
George Pongas, General Manager of Naming Services at AusRegistry, says the .au Registrar Information Security Standard (ISS) will help protect .au domain name owners from cybercrime and position the namespace as one of the world’s most securely managed zones.
This blog was also featured on Computer World.
By George Pongas
General Manager of Naming Services, AusRegistry
7 August 2015
Last month, Prime Minister Tony Abbott chaired an unprecedented cyber security summit with CEOs and executives from Australia’s leading companies to address the increasing threat of online risks to Australia’s digital economy.
According to the Federal Government, the direct cost of cybercrime to Australia in the past 12 months is estimated to be more than $1 billion.
In 2014, the Government’s national Computer Emergency Response Team (CERT) responded to 11,073 cyber security incidents affecting Australian businesses, 153 of which involved systems of national interest, critical infrastructure and Government. Furthermore, the Government’s Australian Cyber Security Centre recorded 1,131 cyber intrusions in 2014 involving Government agencies, an increase of 20 percent on the previous year.
These concerning figures led to the Government releasing its first ever unclassified cyber security threat report in July 2015, commenting that “the cyber threat to Australian organisations is undeniable, unrelenting and continues to grow”.
As Australia’s home online, the .au domain name is at the forefront of the nation’s digital economy and a prime target for hacking activity.
Security vulnerabilities in the systems and infrastructure that comprise Top-Level Domain name assets are a well-known source of infiltration into the world’s most attractive hacking targets.
Over the past few years, dozens of major hacking incidents have been perpetrated by exploiting vulnerabilities in domain name Registrars to perform malicious activities on the digital assets of some of the world’s leading brands.
Attacks on Registrars in the United States, Ireland, Malaysia, the Netherlands and other countries around the world have crippled the websites of Google, YouTube, Microsoft, Facebook, Yahoo!, Bing, MSN, Skype and many more.
We’re acutely aware that Australia and .au are not immune to Registrar-based attacks. In June 2011, we witnessed arguably the worst security incident in .au’s history when .au Registrar Distribute.IT was hacked and suffered significant damage and loss of data to a point where customer websites were unrecoverable, impacting many businesses across Australia.
Within a matter of hours, losses from the Distribute.IT incident were estimated to be tens of millions of dollars and ultimately proved fatal for the company, which ceased operations shortly after.
Following the Distribute.IT incident and the increasing attacks on Registrars globally, .au Domain Administration (auDA) and AusRegistry spent two years consulting the industry to gather feedback and recommendations on how we can better address Registrar security threats.
An end result of these consultations was the development of a world-first Registrar Information Security Standard (ISS) for .au Registrars, which was launched in 2013. Registrars were given two years to meet the ISS standard and the deadline is rapidly approaching in October of this year.
What is the .au Registrar Information Security Standard?
The .au Registrar ISS is a set of mandatory protocols which will help .au Registrars manage and improve the security of their infrastructure and systems, as well as protect the stability and integrity of the .au namespace.
Managed by auDA, the mandatory protocols in the ISS will ensure accredited .au Registrars have numerous levels of redundancy in place and adhere to industry best practice security measures to defend against attacks.
The standard complements the requirements under the ISO 27001 information security management system and builds upon this with specific certifications that apply only to the management of domain name credentials.
The theory behind the ISS is that these shared best practices across the industry will act as a rising tide to lift all boats – from .au domain registration right through to hosting services. This will in turn give .au domain name owners increased confidence in the management of their online assets and improve consumer trust in the .au namespace.
Implementation of .au Registrar ISS
The ISS was developed in consultation with AusRegistry, Registrars and other industry participants through the 2012 Industry Advisory Panel, and was approved by the auDA Board in February 2013.
Registrars must achieve ISS compliance by 31 October 2015, while information security auditing company Vectra has been appointed to ensure compliance.
The feedback I have received from Registrars shows general support for the ISS and they welcome the benefits it brings to their business. In fact, most had already identified attaining ISO 27001 as an important strategic goal for their business operations and to support ongoing growth.
Unfortunately, there may be some Registrars who will be unable to achieve ISS certification. We’ve already seen consolidation in the Registrar market ahead of the October deadline, with VentraIP’s Angelo Giuffrida citing the ISS as one of the reasons behind their recent acquisition of IntaServe.
We may see a few more Registrars choose to de-accredit their business and move to a reseller model as the deadline draws closer. During this period AusRegistry is available and ready to help any of our Registrar clients to better consider their options and make the best decision for their business and customers.
What to expect post-ISS deadline
The ISS certification will not be effective without compliance auditing and the motivation for compliance will not be inherent if there is a lack of actual enforcement.
To this end, auDA may issue suspension notices to Registrars who fail to achieve ISS certification by 31 October 2015. This would mean these Registrars would be suspended from creating new .au domain names or accepting transfers in, during which time they would be given the chance to complete their certification or risk being terminated.
Importantly, .au domain name owners can have confidence that their domain names will remain fully operational despite any uncertainty in any Registrar’s accreditation standing.
AusRegistry and auDA have jointly developed contingency plans to manage the process and protect Registrant and Registrar interests. The integrity of all .au domain name records and data will be maintained and managed by AusRegistry and auDA in any circumstance.
The Distribute.IT security incident and the large number of Registrar attacks globally perfectly demonstrate why the .au Registrar ISS is so important.
It’s clear that cybercrime will continue to increase, and our position on the frontline of the nation’s digital economy places our .au Registrars in the crosshairs of hackers around the world. Attempts to hack .au Registrars are inevitable.
With the implementation of the world’s first Registrar ISS, the .au namespace is now arguably one of the world’s most securely-managed Top-Level Domains and certainly one of the most prepared to respond to these attacks. It increases security mindfulness and builds greater capability across all Registrars to drive increased trust and confidence in the namespace.
Global Registrar security incidents – 2012 to 2015
May 2015 – United States: Domain Registrar Informs of DNS Hijacking
Feb 2015 – Vietnam: Lenovo, Google websites hijacked by DNS attacks
Jan 2015 – Malaysia: Malaysia Airlines website compromised by 'cyber caliphate'
Nov 2014 – United States: Craigslist Domain Name Hijacked by Hackers
Feb 2014 – United States: Hackers try to hijack Facebook, other high profile domains through Registrar
Jan 2014 – China: China internet outage blamed on 'hijacking'
Oct 2013 – Malaysia: Google Malaysia taken offline by hackers
Aug 2013 – United States: New York Times, Twitter domain hijackers 'came in through front door'
July 2013 – Netherlands: Thousands of websites defaced after Registrars hacked
July 2013 – Malaysia: Several high-profile .my sites DNS-hijacked
April 2013 – Kenya: Google, Microsoft, LinkedIn hacked in DNS hijack
April 2013 – Oman: Google Oman domain hijacked by Hackers
Nov 2012 – Romania: Google, Yahoo Among Sites Hit in DNS Attack
Nov 2012 – Pakistan: Google & Apple hit in high-profile Pakistan hack
Oct 2012 – Ireland: Google and Yahoo Irish search domains hijacked