(Almost) One year European TLD ISAC – A view from behind the scenes


On 28 February 2023, the work of the TLD ISAC Working Group kicked off – at least for me as TLD ISAC coordinator. By Nina Elzer.

By that time an immense amount of preparatory work had already been done to get the ball rolling. This is not without reason: the European TLD ISAC is the first of its kind. Prior to that there simply was no information sharing and analysis centre for top-level domains. And even though its founding members are all part of CENTR, this is not where membership will end.

As a TLD coordinator, it is my task to support the Working Group (and its task forces) and the Steering Committee to make sure that the work keeps flowing and that everyone knows where they are and what to do by when. It also includes some of our external relations, i.e., feeding our website and social media, managing press requests and organising the yearly ISAC conference. This is why what you read in this blog post is from a rather non-technical point of view. But…

… let's start with the beginning

The name of the TLD ISAC speaks for itself. Its raison d'être is to share and analyse information and data among its members to achieve the objective to enhance the cybersecurity preparedness and resilience of all affiliated top-level domains across Europe. For now, the TLD ISAC remains under the cozy roof of CENTR. But as with children that gain and reach a certain maturity, the TLD ISAC will eventually spin off as an independent organisation. To develop into a full, independent ISAC, however, at least three ingredients are indispensable: an environment of trust, some structure and above all: people.

An environment of trust

Some may consider the TLD ISAC a special kind and further evolution of CENTR's Security Working Group now that the latter has been paused to the benefit of developing the TLD ISAC. This is true to some extent. At the same time, the TLD ISAC is and will be much more. Yet, through these roots, the TLD ISAC can benefit from a major fertiliser and stabiliser within the CENTR community: trust. The ultimate test will therefore happen when the TLD ISAC leaves the coziness of the CENTR community and also allows non-country-code registries to join.

The structure

While trust is a non-negotiable ingredient, for information to flow across members you need more. You need structure. This includes a technical (infra)structure, e.g., a platform, that provides the secure environment needed to share information in confidence. At the same time, you need the capacity and capability to interpret and use such information on the receiving end. While the very infrastructure on members' end is outside the scope of the TLD ISAC itself, there is a milestone dedicated to capacity-building.

In addition to the infrastructure, you also need some rules, standards, and guidelines to support the sharing and to provide a framework that everyone can rely on.

Also, the actual work that goes into the TLD ISAC needs a structure. Our work, for example, is structured into seven milestones. Each milestone consists of one to seven work packages. Currently, this amounts to 24. Each work package has its own objective and a list of deliverables. Progress and completion of a work package will contribute to the maturity of the TLD ISAC, something that is regularly assessed to fine-tune priorities, work packages and resources that go into it. Once a certain level of maturity is achieved, the TLD ISAC will become an independent organisation.

And most importantly: The people

The word "resources" will never capture what the heart and soul of any project is: the people who dedicate their time and effort to making things work. For the TLD ISAC, this means a working group currently consisting of a core of 9 volunteers seconded by the founding members who work on the various work packages. Now spread these 9 people over the 7 milestones and 24 work packages and you understand the amount of work (or people effort) that goes into the TLD ISAC - and why we encourage new members to join us, though for now, only full European CENTR members can join.

Different from other CENTR Working Groups, the TLD ISAC has a Steering Committee that gives impulses, oversees the work, priorities, and the dedicated budget, and makes sure that resources are channelled in the right direction.

What is very important to note here: everyone who works on the TLD ISAC does so in addition to their daily jobs. In other words: without these volunteers, the TLD ISAC would neither function nor develop.

What we have achieved so far...

2023 saw the TLD ISAC "go public". Not as a stock exchange listed company but as an outside-facing organisation. We launched the website with our new branding, our LinkedIn profile page, and we concluded our first ISAC conference with high-level external and internal speakers. We also managed to generate quite some interest from the press. Why we are not on X (previously Twitter) is another story that might merit a blog post.

We presented the TLD ISAC in various ICANN sessions and we take part in the meetings of ENISA and the EU Council of ISACs. The transfer to our chosen intel platform is on its way, and we keep working on a security maturity model benchmark, 3SG EPP and zone management guidelines, and a threat landscape analysis – to name but a few!

...and where we are heading

Some of the work started in 2023 will continue into 2024. (Only) the highlights in 2024 will feature a new series of internal intel sharing sessions, a joint crisis management exercise, and obviously our second ISAC conference. Exciting work ahead of us and I am looking forward to continuing my TLD ISAC experience!

Nina Elzer is the TLD ISAC coordinator, responsible for the management of its Working Group and Steering Committee, as well as the organisation of the yearly ISAC conference and ancillary tasks that keep the work going. She works as an independent consultant and used to be part of the CENTR team from 2014 to 2018.