The proposal is one of a raft of issues canvassed by the auDA advisory panel in an issues paper released in June, submissions to which closed last Friday, 20 July.
The paper notes that: "Under the Registrar Agreement, all registrars are obliged to immediately give auDA notice of any security breaches affecting any part of their systems. There are currently no other requirements in relation to registrar security."
The move to beef up security requirements on registrars was precipitated by the 2011 hacking of registrar distribute.IT, which destroyed the company. According to a report in The Australian at the time, the hackers chose the quite time of a Saturday night on June 11 to launch a highly sophisticated attack which wiped out distribute.IT's hard drive address blocks.
This incident prompted auDA to draft an Information Security Standard (ISS) "to assist registrars to manage and improve the security of their own businesses in a way that also protects the integrity and stability of the .au domain space," and a registrar certification process. Together they form the draft auDA ISS Compliance Policy.
NetRegistry CEO, Larry Bloch, told iTWire "The discussion paper is very onerous for registrars and I think it may be overkill, There is a myriad of requirements on registrars from audits of their systems to escrow of information to regular monitoring."
You can read more stories on telecommunications in our newsletter ExchangeDaily, click here to sign up for a free trial...