A2-1_M3AAWG Chairman's Update

Transcript

1. JP-AAWG 2019 | Tokyo | 14 Nov 2019 M3AAWG Chairman’s

   Update Severin Walker M3AAWG Board Chairman

2. JP-AAWG 2019 | Tokyo | 14 Nov 2019 M3AAWG Overview

   2

3. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Who is

   M3AAWG? Constituencies and Demographics “The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) is where the industry comes together to work against botnets, malware, spam, viruses, DoS attacks and other online exploitation” ➔ 200 member orgs “worldwide” ➔ 300-400 conference participants ➔ technology-neutral, non-political working body focusing on operational issues of Internet abuse – Supporting technologies – Industry collaboration – Informing Public Policy 3

4. JP-AAWG 2019 | Tokyo | 14 Nov 2019 What Does

   M3AAWG Do? Distill Industry Knowledge into BCPs The “M” cubed: ➔ Messaging: abuse on any messaging platform, from e-mail to SMS texting ➔ Malware: abuse is often just a symptom and vector for viruses and malicious code ➔ Mobile: addressing messaging and malware issues emerging on mobile as an increasingly ubiquitous platform Develop and Publish: ➔ Best practice papers ➔ Position statements ➔ Training and educational videos 4 Public Policy and Industry Guidelines https://www.m3aawg.org/for-the-industry/published-comments The Anti-Bot Code of Conduct for Internet Service Providers https://www.m3aawg.org/abcs-for-ISP-code

5. JP-AAWG 2019 | Tokyo | 14 Nov 2019 What Does

   M3AAWG Do? Who Do We Work With? Unsolicited Commercial Enforcement Net ➔ Operation Safety Net FIRST ➔ Anti-abuse business case and outreach Internet Society ➔ Training materials i2Coalition ➔ Collaboration on Hosting BCP EastWest Institute ➔ Outreach and Transnational Policy Engagement Anti-Phishing Working Group (APWG) ➔ Anti-Phishing Best Practices for ISPs and Mailbox Providers LAC-AAWG ➔ Updating and developing BCPs to reflect LAC dynamics JP-AAWG ➔ Working with regional orgs and industry partners AF-AAWG Development ➔ In progress with AfricaCERT 5 JP-AAWG

6. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Since we

   last spoke… 6

7. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Montreal, Canada

   October 2019 • We had 490 attendees from 27 countries, including 112 new attendees • Approximately 200 people attended the Monday Training sessions • Wednesday Open Roundtables had 145 attendees • How to Participate in M3AAWG Training & Networking with Chairs Social – 105

8. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Committee Updates

   Abuse Desk Committee • ”Difficult Conversations with Customers” Training in Development • Resources for growing and maturing an Abuse Desk Operation

9. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Committee Updates

   Brand SIG • Upcoming discussion: “Does a fake profile or threat actor have privacy rights?” • Development of the Brand Protection Kit: A materials collection for industry reference.

10. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Committee Updates

    Data and Identity Protection • MTA-STS, TLS 1.3, Zero Trust, and DNSSEC/DANE Sessions • New BCP & recipes documents published - M3AAWG Tutorial on Third Party Recursive Resolvers and Encrypting DNS Stub Resolver- to-Recursive Resolver Traffic • Leading collection of feedback and comment from M3AAWG community for NIST SP 800-207 Zero Trust Architecture draft. • Collaboration efforts for a DNSSEC case study involving Quantum Computing

11. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Committee Updates

    Data and Identity Protection • Hard work from M3AAWG DIP committee chairs and members lead to publishing of rfc8461(MTA-STS) recently! SMTP MTA Strict Transport Security (MTA-STS) is a mechanism enabling mail service providers (SPs) to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate.

12. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Committee Updates

    DDoS SIG • NANOG Joint Workshop in SFO DNS Abuse SIG • Ongoing efforts to work with ICANN regarding GDPR/WHOIS impact and policies

13. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Committee Updates

    Public Policy Committee • Abusive Material Takedown Best Practice ◦ Focus on creation of “[...] a taxonomy of abuse in tandem with developing a protocol, all the while looking for opportunities to leverage or combine efforts with other external committees working on similar projects.”

14. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Committee Updates

    Technical Committee - Mobile • GSMA is collaborating with M3AAWG on future initiatives, including on 5G. • STIR/SHAKEN focus for Montreal and beyond. How do we implement concepts like DANE/DKIM in the mobile space? • Best Practices for RCS Anti-Abuse being drafted

15. JP-AAWG 2019 | Tokyo | 14 Nov 2019 M3AAWG Outreach

    • DDoS Mitigation Presentations at LACNIC last week, JP- AAWG in 10 minutes, and the African Internet Summit in December • Ongoing work with MESSEU, conference in December • FIRST 2020 Call for Papers: https://www.first.org/conference/2020/cfp

16. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Montreal –

    October 2019 48th General Meeting February 17-20, 2020 The Fairmont Hotel San Francisco, CA Join us!

17. JP-AAWG 2019 | Tokyo | 14 Nov 2019 Questions? Comments?

    [email protected] 17