IE Domain Registry t/a .IE Annual Report 2021

Developments in 2021 During 2021, the global policy agenda was dominated by the assessment of policy options in handling online abuse which uses the domain name system (DNS). Through its multi-stakeholder structures, ICANN engaged with law enforcement agencies, intellectual property bodies, Internet service providers and the at-large community to discuss the issues arising and attempt to develop solutions. At the European level, in addition to anti-abuse, the agenda was shared by the Article 23 provisions in the NIS2 directive. The substantive work of the PAC during 2021 continued to monitor negotiations on NIS2, but the real focus was on developing a policy response to handling technical abuse and criminal abuse (illegality) which uses the domain name system (DNS). In the process, some basic principles were established, including: to be proactive with regulators and law enforcement rather than reactive to specific court orders; respond with urgency based on the severity of the alleged abuse. After the initial impact assessment by the PAC, the analysis phase addressed the issues in two separate work streams - technical abuse online and secondly, addressing criminal abuse (illegality) online. Proactively tackling online technical abuse which uses the .ie DNS There was full consensus among PAC members on the policy response to proactively identify online technical abuse issues, such as .ie websites that are hosting malware, phishing or botnets. It was agreed to engage a third party to proactively seek out technical abuse, and inform the registrar/hosting provider, who can assist their customers, whether SMEs or citizens, who are innocent victims of the cyber attack, in rectifying the situation. The Company agreed to finance the reasonable costs of this service to provide internet security monitoring services. The service includes cybercrime disruption, application security testing and automated vulnerability scanning. The engagement with and involvement of the accredited Registrar channel was a critical success factor in designing and operating the service. The chart below illustrates the number and type of cybersecurity attacks which were identified in the year to June 2022. While the number represents a tiny percentage of the database of 330,000 .ie domain names, the .IE Board considers it important to have helped 386 victims, many of whom were unaware of such phishing exploits etc on their websites. Number of cybersecurity attacks identified 386 June 2021 – June 2022 0 5 10 15 20 25 30 35 40 45 50 55 Jul 22 Jun 22 May 22 Apr 22 Mar 22 Feb 22 Jan 22 Dec 21 Nov 21 Oct 21 Sep 21 Aug 21 Jul 21 Jun 21 27 31 29 24 23 29 16 30 37 35 36 51 18 Phishing URL Web Shell Web-Inject Malware URL Shopping Site Skimmer Defaced Website Cryptocurrency Miner Fake Game Scam Phishing Dropsite Other Attack Types Source: Netcraft monitoring service of .ie domains  Phishing URL  Web Shell  Web-Inject Malware URL  Shopping Site Skimmer  Defaced Website  Cryptocurrency Miner  Fake Game Scam  Phishing Dropsite  Other Attack Types Policy Development .IE mirrors the international multi-stakeholder philosophy and principles within its structures and has adopted a bottom-up, consensus-driven, and consultative approach to all .ie namespace policy matters. Corporate Governance Chart 1: Internet security monitoring services for .ie domains IE Domain Registry CLG t/a .IE / Annual Report & Review 2021 16