.IE Annual Report 2022

.IE is designated as an Operator of Essential Services (OES) under the NIS Directive. A revised Directive is awaiting transposition into national legislation by October 2024, and is expected to re-designate .IE as an “Essential Entity”. Cybersecurity: a key focus for the .ie namespace Business and Market Review As one of the guardians of Ireland’s national critical Internet infrastructure, the .ie namespace, we prioritise the protection of Irish consumers and SMEs from cyber criminals. We have implemented several measures to ensure the safety of the .ie domain, resulting in a considerably lower level of security threats compared to other top-level domains like .com. The Badness Index for .ie, compiled by the SpamHaus Project - an international non-profit organisation tracking spam and related cyber threats - stands at 0.0% / 0.00. Pre-check applications To maintain the integrity of the .ie domain, we pre- check new applications from individuals and businesses to confirm their connection to Ireland. This process helps prevent bad actors from registering .ie domains for illicit activities that might go undetected in unmanaged registries. Consumer protection protocols We have established protocols in collaboration with regulators to address online technical abuse and facilitate the takedown of .ie websites in specific circumstances. These protocols involve cooperation by our channel partners and regulatory authorities such as the Garda National Cyber Crime Bureau, among others. Tackling technical abuse online In our efforts to proactively respond to online abuse, we work with Netcraft, an Internet security services provider specialising in cybercrime disruption. Netcraft notifies our Registrars about websites hosting malware, phishing, or botnets, allowing the domain holders to take corrective action with the assistance of their Registrar or hosting provider. Netcraft continues to monitor the website after the fix to ensure the issue is resolved, benefiting innocent victims like SMEs who may be unaware of cyber attacks targeting them. MDR and SIEM .IE implements various other security measures to enhance the safety of its infrastructure and protect against cyber threats. We employ Managed Detection and Response (MDR) services to actively monitor and analyse network traffic, systems, and applications for signs of malicious activity. This, coupled with Security Information and Event Management (SIEM) solutions, allows us to collect, correlate, and analyse security event data, providing real-time monitoring, threat detection, and incident response capabilities. Risk management As part of our comprehensive security strategy, we prioritise third-party risk management. We conduct thorough assessments, evaluate security controls, and establish contractual agreements to enforce security and data protection requirements with our vendors and service providers. To fortify access controls, .IE employs Multi-Factor Authentication (MFA) as an additional layer of security for user accounts, both internal and external. By requiring multiple factors such as passwords, tokens, or biometric data, MFA helps prevent unauthorised access even if credentials are compromised. In recognition of our commitment to effective cybersecurity risk management, .IE has achieved ISO 27001 security certification. This certification validates our robust Information Security Management System (ISMS) and demonstrates our dedication to protecting and managing data in accordance with globally recognised standards. ISO 27001 provides a systematic approach to identify and treat cyber security threats, strengthening our defences across people, processes, and technology. IP address restrictions We implement IP address restrictions, allowing access to our network and systems only from trusted and authorised IP addresses. This restricted IP addressing reduces the attack surface by limiting potential entry points for malicious actors. With these security measures, including MDR, SIEM, 24x7 network monitoring, third-party risk management, MFA, restricted IP addressing, and ISO 27001 certification, .IE ensures the efficient and secure operation of the .ie domain. We remain committed to the ongoing monitoring and continuous improvement of our processes to safeguard the .ie domain and the interests of our users. “ISO 27001 certification establishes a robust framework for information security management, ensuring the confidentiality, integrity, and availability of sensitive data. By adhering to ISO 27001 standards .IE demonstrate our dedication to safeguarding information assets, building trust with our customers and stakeholders.” Mick Begley, Chief Information Officer, .IE .IE is the trading name of IE Domain Registry CLG / Annual Report & Review 2022 16