SAN FRANCISCO–(BUSINESS WIRE)–lt;a href=”https://twitter.com/hashtag/m3aawg?src=hash” target=”_blank”gt;#m3aawglt;/agt;–As a young security consultant, Dave Piscitello wondered, “how do these
guys get away with all this spam and malware?” which led him to take on
the challenging work of persuading the online ecosystem to address DNS
abuse and related issues through his years at ICANN and in his
involvement with other industry associations. Acknowledging the range
and significance of these efforts, the Messaging, Malware and Mobile
Anti-Abuse Working Group presented the 2019 M3AAWG Mary
Litynski Award to Piscitello at the M3AAWG 45th
General Meeting on February 19 in San Francisco.
“With his persistent and unswerving outreach, Dave was eventually able
to push the industry to address domain name system abuse to the point
that preventive measures have become an ongoing discussion area within
the ICANN community. This is an example of how one person can change the
accepted perspective around a problem and make a difference, which is
the spirit behind the M3AAWG lifetime achievement award,”
said Severin Walker, M3AAWG Chairman of the Board.
“It’s also just one of the many contributions he has made over the years
in driving the industry to adopt better security measures and he is
still energetically urging both the industry and public managers to take
action around critical issues. For example, Dave has been actively
meeting with law enforcement and data protection policy makers to
educate them on the importance of WHOIS access for security researchers,
which has been severely restricted due to ill-conceived and overreaching
policies implemented to comply with the European Union’s new privacy
laws,” Walker said.
Piscitello was recently named a partner at Interisle Consulting Group
and serves on the APWG (Anti-Phishing Working Group) and the CAUCE
(Coalition Against Unsolicited Commercial Email) Boards of Directors.
During his career, Piscitello served on the Internet Engineering Task
Force and the IETF Steering Group and was a technical advisor to
security and broadband access companies during the turbulent dot com
era. He recently retired from ICANN, the Internet Corporation for
Assigned Names and Numbers, which is the not-for-profit organization
that coordinates the unique identifiers used on the internet that allow
computers to find each other. While there, Piscitello served as an ICANN
SSAC (Security and Stability Advisory Committee) Fellow and later, as
the vice president of security and ICT coordination.
Piscitello was responsible for bringing law enforcement into the ICANN
Public Safety Working Group and encouraged private/public cooperation at
ICANN. As he and industry trailblazers Vint Cerf, Steve Crocker and Tom
Grasso explain in his acceptance video at https://youtu.be/tgLqRR-iVMs,
Dave developed a highly-lauded, international law enforcement training
program and was the project lead on creating the ICANN Domain Abuse
Activity Reporting (DAAR) system to identify patterns of domain
registration exploitation. He also has written numerous articles on DNS
and abuse issues to educate the industry on how to protect end-users and
regularly blogs at www.securityskeptic.com.
GDPR and WHOIS Access Concerns
Piscitello said in accepting the award, “We need to adopt privacy and
data rights protection but not at the cost of public safety,” addressing
the implementation policy adopted by ICANN to comply with the EU General
Data Privacy Regulation that has restricted security researchers’ access
to the data that identifies the owner of a domain name.
“There’s a disconnect here. Without the ability to identify suspicious
actors, legitimate and lawful investigators such as security researchers
and law enforcement are blindfolded. We’re not third-parties who are
using WHOIS information commercially, but, rather, we’re the first
responders of cybercrime, part of a critical community that mitigates
threats and provides for the public’s safety,” he said.
He also noted that both industry and government need to be more
transparent for the internet to thrive and not be overrun with abuse.
“Both are going to have to be more accountable. This is an interesting
period for us and we all have to adjust because there’s so much at
stake,” he said.
Piscitello started working in the computer industry in 1974 when he took
a programming job at Burroughs Corp. to pay for graduate school where he
was studying to become a philosophy teacher. He was assigned to rewrite
some remote access software and became intrigued by data communications,
which led to his career in networking and security.
The M3AAWG Mary Litynski Award is presented annually to
recognize the lifetime achievements of an individual who has
significantly contributed to making the internet safer for all. Details
and submissions for the 2020 award are at https://www.m3aawg.org/events/m3aawg-mary-litynski-award.
The 2019 award was announced at the M3AAWG 45th
General Meeting where about 500 participants from over 20 countries are
attending more than 50 sessions on cybersecurity, current malware
threats, DDoS attacks, mobile issues, and other topics. The next M3AAWG
meeting will be June 3-6 in Budapest, Hungry, and details are available
About M3AAWG (the Messaging, Malware and
Mobile Anti-Abuse Working Group)
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)
is where the industry comes together to work against bots, malware,
spam, viruses, denial-of-service attacks and other online exploitation. M3AAWG
members represent more than two billion mailboxes from some of the
largest network operators worldwide. It leverages the depth and
experience of its global membership to tackle abuse on existing networks
and new emerging services through technology, collaboration and public
policy. It also works to educate global policy makers on the technical
and operational issues related to online abuse and
messaging. Headquartered in San Francisco, Calif., M3AAWG
is driven by market needs and supported by major network operators and
M3AAWG Board of Directors and Sponsors: 1
& 1 Internet SE; Adobe Systems Inc.; AT&T Comcast; Endurance
International Group; Facebook; Google, Inc.; LinkedIn; Mailchimp;
Marketo, Inc.; Microsoft Corp.; Orange; Proofpoint; Rackspace; Return
Path, Inc.; SendGrid, Inc.; Vade Secure; Valimail; VeriSign, Inc., and
Verizon Media (Yahoo & AOL).
M3AAWG Full Members: Agora, Inc.; Akamai
Technologies; Campaign Monitor; Cisco Systems, Inc.; CloudFlare, Inc.;
Cyren; dotmailer; eDataSource Inc; ExactTarget, Inc.; IBM; iContact;
Internet Initiative Japan (IIJ); Liberty Global; Listrak; Litmus;
McAfee; Mimecast; Oracle Marketing Cloud; OVH; Spamhaus; Splio;
Symantec; USAA; and Valimail.
A complete member list is available at http://www.m3aawg.org/about/roster.
Linda Marcus, APR,