Strengths and weaknesses
I've been working on a brief essay about internet security. The response to the Feb. 6 DDoS attack on the root servers can provide a useful institutional model for the future.
No, there wasn't an “official” institution that led the response. But the root server operators had learned from an earlier attack, and had moved towards anycast operations. Anycast worked, and users didn't even notice that anything was going on. While the attack was under way, the operators kept in close touch and coordinated their response with great effectiveness.
All of the internet governance models we have right now have strengths and weaknesses. For responses to problems like DDoS attacks, we'd need a forum for discussion that has (1) the non-mandatory merit-based processes of IETF, including real industry
involvement leading to substantial market pressure, (2) the globalness of IGF, (3) the agility of a private group, and (4) the clear voice of leadership that can be provided by government involvement. And we'd need to avoid the problems that all of these fora have.
To prevent future attacks, we'll need to prevent machines from being
turned into zombies that can be directed at targets. That's a big task
that requires coordination among many hardware manufacturers and
operating system designers. It can't be mandatory, this coordination, because that won't necessarily lead to the right set of solutions — but it can be agile, global, and well-led.