RIPE NCC Response to the EU’s Cybersecurity Strategy
Dear colleagues, Over the last few days, the European Commission has published a number of proposals and strategy documents that lay out its plans for the digital economy. These include the Digital Services Act (DSA), the Digital Markets Act (DMA) and a policy document outlining the European Union's Cybersecurity Strategy for the Digital Decade. We are currently working through these documents to assess their impact on our operations, the multistakeholder ecosystem and the Internet at large. However, we’ve already seen that the cybersecurity strategy document makes a reference to our role as one of the DNS root server operators based in the EU, with a plan to "assess the role of these operators in guaranteeing that the Internet remains globally accessible in all circumstance.” We have issued a short public response to this point in particular, which you can find here: https://www.ripe.net/publications/news/announcements/ripe-ncc-response-to-th... Any feedback you might have on this statement is welcome. We will follow these proposals as they move through the legislative process and use the EU’s consultation processes to provide further input, as we continue to work with the European Commission, member states and other stakeholders to share our insights and expertise. The full proposals are available on the European Commission's website: - Digital Services Act (DSA): https://ec.europa.eu/info/sites/info/files/proposal_for_a_regulation_on_a_si... - Digital Markets Act (DMA): https://ec.europa.eu/info/sites/info/files/proposal-regulation-single-market... - Cybersecurity Strategy: https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=72164 We encourage community members to make their own impact assessments. We will provide further updates on any aspects that we think are relevant to the RIPE community's or the RIPE NCC's activities and interests. Best regards, Marco Hogewoning Manager, Public Policy and Internet Governance RIPE NCC
On 16 Dec 2020, at 16:29, Marco Hogewoning wrote:
Dear colleagues,
Over the last few days, the European Commission has published a number of proposals and strategy documents that lay out its plans for the digital economy. These include the Digital Services Act (DSA), the Digital Markets Act (DMA) and a policy document outlining the European Union's Cybersecurity Strategy for the Digital Decade.
We are currently working through these documents to assess their impact on our operations, the multistakeholder ecosystem and the Internet at large. However, we’ve already seen that the cybersecurity strategy document makes a reference to our role as one of the DNS root server operators based in the EU, with a plan to "assess the role of these operators in guaranteeing that the Internet remains globally accessible in all circumstance.”
We have issued a short public response to this point in particular, which you can find here: https://www.ripe.net/publications/news/announcements/ripe-ncc-response-to-th...
Any feedback you might have on this statement is welcome.
FWIW, as a root server operator being based in the EU we at Netnod fully support what you wrote. Our views are very similar. Patrik Fältström Technical Director and Head of Security Netnod
I am happy to see that we are all aligned. Let’s keep up and develop what we have been doing for decades. Daniel On 16 Dec 2020, at 17:15, Patrik Fältström via cooperation-wg wrote:
On 16 Dec 2020, at 16:29, Marco Hogewoning wrote:
Dear colleagues,
Over the last few days, the European Commission has published a number of proposals and strategy documents that lay out its plans for the digital economy. These include the Digital Services Act (DSA), the Digital Markets Act (DMA) and a policy document outlining the European Union's Cybersecurity Strategy for the Digital Decade.
We are currently working through these documents to assess their impact on our operations, the multistakeholder ecosystem and the Internet at large. However, we’ve already seen that the cybersecurity strategy document makes a reference to our role as one of the DNS root server operators based in the EU, with a plan to "assess the role of these operators in guaranteeing that the Internet remains globally accessible in all circumstance.”
We have issued a short public response to this point in particular, which you can find here: https://www.ripe.net/publications/news/announcements/ripe-ncc-response-to-th...
Any feedback you might have on this statement is welcome.
FWIW, as a root server operator being based in the EU we at Netnod fully support what you wrote. Our views are very similar.
Patrik Fältström Technical Director and Head of Security Netnod
Hi Patrik, My friend, what makes you think that root servers will even be relevant in just a few years? For all intents and purposes, they may well have moved, without anyone having noticed, from their nicely distributed view today, both geographically and politically, to… Cloudflare + one or two others. If the browsers are going to be sending queries over DoH to Cloudflare or even just to their own infrastructure, aren’t they the root servers? Maybe occasionally they will query to see if something has changed, but they can decide whether to accept that change. That is the concern that the commission and ENISA should seriously consider. Eliot
On 16 Dec 2020, at 17:15, Patrik Fältström via cooperation-wg <cooperation-wg@ripe.net> wrote:
On 16 Dec 2020, at 16:29, Marco Hogewoning wrote:
Dear colleagues,
Over the last few days, the European Commission has published a number of proposals and strategy documents that lay out its plans for the digital economy. These include the Digital Services Act (DSA), the Digital Markets Act (DMA) and a policy document outlining the European Union's Cybersecurity Strategy for the Digital Decade.
We are currently working through these documents to assess their impact on our operations, the multistakeholder ecosystem and the Internet at large. However, we’ve already seen that the cybersecurity strategy document makes a reference to our role as one of the DNS root server operators based in the EU, with a plan to "assess the role of these operators in guaranteeing that the Internet remains globally accessible in all circumstance.”
We have issued a short public response to this point in particular, which you can find here: https://www.ripe.net/publications/news/announcements/ripe-ncc-response-to-th...
Any feedback you might have on this statement is welcome.
FWIW, as a root server operator being based in the EU we at Netnod fully support what you wrote. Our views are very similar.
Patrik Fältström Technical Director and Head of Security Netnod
On 18 Dec 2020, at 11:29, Eliot Lear wrote:
My friend, what makes you think that root servers will even be relevant in just a few years? For all intents and purposes, they may well have moved, without anyone having noticed, from their nicely distributed view today, both geographically and politically, to… Cloudflare + one or two others.
He he he... I think it is important in the discussions we do not mix up discussions about the root server operators, distribution of the root zone, and the root zone service. Yes, interchanged a bit and mixed as in any Venn diagram, but still a bit separated. That said, it is not ME that see the importance, it is EU Commission that do. And that by itself might be a discussion item for this WG.
If the browsers are going to be sending queries over DoH to Cloudflare or even just to their own infrastructure, aren’t they the root servers? Maybe occasionally they will query to see if something has changed, but they can decide whether to accept that change.
I think at least we in the EU will discuss this during 2021.
That is the concern that the commission and ENISA should seriously consider.
They to some degree do. See the paper on "the need to create a European DNS service". Patrik
Eliot
On 16 Dec 2020, at 17:15, Patrik Fältström via cooperation-wg <cooperation-wg@ripe.net> wrote:
On 16 Dec 2020, at 16:29, Marco Hogewoning wrote:
Dear colleagues,
Over the last few days, the European Commission has published a number of proposals and strategy documents that lay out its plans for the digital economy. These include the Digital Services Act (DSA), the Digital Markets Act (DMA) and a policy document outlining the European Union's Cybersecurity Strategy for the Digital Decade.
We are currently working through these documents to assess their impact on our operations, the multistakeholder ecosystem and the Internet at large. However, we’ve already seen that the cybersecurity strategy document makes a reference to our role as one of the DNS root server operators based in the EU, with a plan to "assess the role of these operators in guaranteeing that the Internet remains globally accessible in all circumstance.”
We have issued a short public response to this point in particular, which you can find here: https://www.ripe.net/publications/news/announcements/ripe-ncc-response-to-th...
Any feedback you might have on this statement is welcome.
FWIW, as a root server operator being based in the EU we at Netnod fully support what you wrote. Our views are very similar.
Patrik Fältström Technical Director and Head of Security Netnod
On 16 Dec 2020, at 16:29, Marco Hogewoning <marcoh@ripe.net> wrote:
The full proposals are available on the European Commission's website:
Dear colleagues, In our focus on the cybersecurity strategy yesterday, I forgot to mention that the text of the new proposed NIS2 directive has also been published. You can find both the proposal as well as an annex further specifying some details of the implementation at the bottom of this page: https://ec.europa.eu/digital-single-market/en/news/proposal-directive-measur... <https://ec.europa.eu/digital-single-market/en/news/proposal-directive-measures-high-common-level-cybersecurity-across-union> Best regards, Marco Hogewoning Manager Public Policy and Internet Governance RIPE NCC
participants (4)
-
Daniel Karrenberg -
Eliot Lear -
Marco Hogewoning -
Patrik Fältström