Leader in security

CSR Annual Report 2022

Safe and secure Internet browsing in Belgium

One of the core activities of DNS Belgium is increasing the level of safety and security of the Internet in Belgium. We are constantly taking new initiatives to make this happen. For example, we ran a cybersecurity campaign aimed at elderly people. We also extended the operational rollout of registrant verification in 2022.

Through registrant verification, we check the identity details of whoever registers a domain name – even before the domain name is granted (). This enables us to prevent fraudulent registrations. Because people wanting to register domain names for fraudulent purposes often provide incorrect data when applying, they do not respond to our request to provide correct data.

The far-reaching and automated way in which we currently check registration data is unique and we can see plenty of opportunities to expand registrant verification in the future. In 2022, a total of 29,220 newly registered domain names were selected for registrant verification. The owners of these domain names were contacted by us, asking them to identify themselves. Only once they had done so, were they able to use their domain name. It is often the case that it takes several weeks or even months for a domain name holder to identify themselves. In total, 12,313 owners were verified in 2022 and 21,058 domain names were released. A further 2,828 active domain names were also revoked because owner details were found to be incorrect after verification. 

The far-reaching and automated way in which we currently check registration data is unique

Also, with the aim of keeping the Internet safe, we made our Mercator web crawler open source in 2022. Mercator looks at recently registered domain names and collects publicly available information for each of those domain names and looks for irregularities that may indicate abuse. The fact that Mercator is open source means anyone can now use the code as well as the crawler for their own purposes. By making this happen, we hope to advance the cause of the domain name sector. 

Internal cybersecurity measures

In 2022, we increased our already very high level of internal cybersecurity measures. We held an information security audit based on the obligations set out in the NIS Act. Also in 2022, DNS Belgium was again awarded ISO 27.001 certification, which we first received in 2016. This certification means that we comply with strict standards in terms of data protection and cybersecurity and permanently monitor.

There were no instances of loss, theft or illegal leaks of customers’ personal data during the year. Nor were any substantiated complaints about breaches of customer privacy received from official bodies or rights holders.

Partnerships

For the third year in a row, we took part in the Cyber Security Challenge in 2022. This is a competition for students, based on cybersecurity. For the final of this hackathon, DNS Belgium devised some tough puzzles for the students to unravel. We take on this challenge to increase awareness about DNS and DNS security among students.

Working with the VRT, Mediawijs, Digital For Youth and the Cyber Security Coalition, we developed the EDUbox Cybersecurity in 2022, which we launched at the beginning of 2023. The free Cybersecurity EDUbox contains learning material for pupils in secondary school: pieces of theory, videos, interactive exercises and assignments. Students can work on the EDUbox independently in groups and in doing so gain knowledge of their online safety and security.

The Cyber Security Coalition is a partnership dedicated to strengthening cybersecurity in Belgium. It is a public-private partnership that brings together a range of different stakeholders. These include government agencies, businesses, academic institutions and non-profit organisations. The main aim of the Security Coalition is to promote cooperation and the exchange of knowledge between the various participants. The Coalition focuses on various aspects of cybersecurity, such as raising awareness of cyber threats, promoting good security practices, developing guidelines and best practices, and promoting cybersecurity research and development.

In 2022, we participated in several working groups and meetings run by the focus groups dealing with Awareness Raising, Policy Recommendations and Experience Sharing.

The gamification working group, which is chaired by our CSR manager, conducted a project with second-year game design students in conjunction with the Luca School of Arts. Together, they developed a number of game concepts that encourage players to conduct themselves more safely online.

The CENTR Security working group continued to be led jointly by our CISO in 2022 (Chief Information Security Officer). This international working group met twice. A security webinar was also held. Together, they produced a specific security directive for EPP (Extensible Provisioning Protocol) and analysed the results of the CM-SMM (CENTR Member Security Maturity Model) benchmark study.

KPIs

The following internal KPIs were defined for the “Leader in Security” segment of our strategy: two external and four internal ISO 27.001 audits to be completed, an annual cybersecurity awareness programme to be run, the number of domain names revoked and verified (these KPIs apply to the topics Policy compliance & transparent communication) to be published and two active contributions to partnerships. Registration platform availability above 99,95% available (Operational reliability) . All of these targets were met.

Read more