The passing of J.D. Falk, five years hence

J.D., if nothing else, was all about the best practices, and standards. Today marks five years since he ambled off this mortal coil, leaving a hole in the hearts of friends and family, some published documents that bear his name, others his imprimatur, and a lasting impression upon we, his colleagues in the anti-abuse community. In other words, he made the difference we all aspire to.

[Author’s note: As I write this (October 23), the second massive denial of service attacks in two weeks, threatening to take down significant sections of the Internet has just ended. Could full implementation of Operation Safety net have prevented this? While technology on both sides, attackers and victims is constantly evolving, I am forced to say yes, OSN could readily have helped. – ns]

The M3AAWG/UCEnet (nee London Action Plan/CAUCE omnibus best practices document, entitled Operation Safety Net – Best Practices to Address Online, Mobile, and Telephony Threats has been a boon to government, industry, and end-users, and, to be honest, to me personally.

Cutting through the complicated techno-jargon too often bandied around in our industry, which serves to befuddle the audiences we must influence are we to affect the foundational changes needed to secure the net infrastructure, the 76-page report written by security experts from around the world was originally requested by the Organization for Economic Co-operation and Development in 2012, then updated in 2015.

As the lead author and shepherd André Leduc noted recently, “Translating our technical and engineering way of talking into plain language was probably the most important part of this work. We wanted to create a report that a security officer or an engineer could give to colleagues and management to help them understand cyber-attacks and why their organizations might be targeted. We also wanted to make it easy for government policy makers in both the developed and developing countries, where they may not have much technical experience, to take action.”

André Leduc recently won the 2016 J.D. Falk Award, deservedly, for his work on this remarkable project.

I was on the small team along with former M3 Co-chair Alex Bobotek, and my long-time cohort CAUCE President John Levine who presented the first iteration to the OECD Consumer Safety Working Group in Paris.

After that, the real work began. While everyone at M3 knew about the document, that was kind of like preaching to the converted, and we needed to get the document out into the rest of the world, who were (and still are) blissfully unaware of the steps we all must take to batten down the hatches.

To make the best practice information more accessible, the report, originally published in English, has been translated into French and Spanish, as well as localized in summary form in Japanese and Thai. That’s where I come in.

One of the most delightful things I get to do these days is speak and train in various parts of the world, and OSN has been a foundational part of my materials since it was first published. I had the opportunity to facilitate inclusion of the document into the IGF’s Antispam Toolkit (although OSN deals with issues far more broadband than ‘mere’ spam) at the meeting in Joao Pessoa, Brazil. As well, through the help of the M3Anti-Abuse Foundation I presented the work to the African ISP association in Tunis, Tunisia, well as to a group of law enforcement officials in Thailand.

Working with M3AAWG organization Team Cymru, CAUCE sent me to present in Santiago Chile, again to law enforcement, and with partner organization World Hosting Days I put our work in from of hundreds of new and established hosting companies and registrars, in Singapore, and Bangalore, India.

This month I travel to Japan, to lay out the ground work to protectorates of critical infrastructure – Japanese (atomic) power companies want to know more, and better, how to protect themselves from simple vandalism, or, what could be far, far worse, to the point of being catastrophic.

As my colleague, friend, and CAUCE board member Kelly Molloy quipped ‘this is why spam matters’. Spam is a conveyance. Operation Safetynet, the solution

I just reviewed my memorial blogging at the time of J.D.’s death, I ended with this: “Simply put, honour his legacy by continuing it“.

I’m so very glad to say so many are doing exactly that.