Rodney Joffe, senior vice president and chief technologist at Neustar, joined the company in 2006 upon its acquisition of UltraDNS, a directory services provider he founded in 1999.
Joffe now heads Neustar’s Internet infrastructure services group and frequently collaborates with federal decision makers on how they should combat cyber crime and cyber terrorism.
Earlier this year, Joffe was selected for an FBI Director’s Award after working with investigators to stop a botnet that affected computers in more than 32 countries.
In this conversation with ExecutiveBiz, Joffe gives an insider’s perspective into these collaborative efforts and how they can help bring government and industry closer together to tackle cyber threats. He also explains why he chose to join Neustar and how the company seeks to address the changing threat landscape.
ExecutiveBiz: What are your current priorities and how have they evolved since you joined Neustar?
Rodney Joffe: When I first founded UltraDNS, I functioned as the chairman and the chief technology officer. When the company was acquired by Neustar, my role changed. Initially, I remained the CTO of UltraDNS, but over the years it’s evolved to where I give technical guidance not just for the UltraDNS side of the business, but actually for a much larger portion of the company.
So, my purview is a number of areas, including anything related to Internet protocol (IP), such as our registry side and our domain registration side. My background is security, and so I’ve gotten more involved over time as security has become more and more of an issue. The role that I’ve moved into today is Neustar Fellow, where I provide guidance for the company overall from a technical point of view. I’m also then responsible for looking at security as a segment from a product and a marketing point of view, and advising the company about things that are going on in the industry that may number one, affect us as a company, and number two, present us with opportunities.
And so cybersecurity has become a major part of what I do. I spend most of my time actually involved on the security side of not just the company, but the world in general. I’ve been involved in a number of national level exercises such as CyberStorm, I’ve written some security focused papers, and I also deal with our federal customers, where we provide the DNS and some other data and analytics to those federal customers, contractors, and other large companies in the federal sector.
I look at cybersecurity from a global point of view, specifically as it relates to DNS and as it relates to routing, and I provide advice asked for by different bodies. I’m in my second term on the FCC’s CSRIC, which provides guidance to the FCC on security and cybersecurity issues. I’m on the ICANN Security and Stability Advisory Committee and have been for a number of years. So that’s really what’s changed with my role. I used to be much more involved in day‑to‑day operations, both as the chairman and as the CTO, and it’s much less of my role now. I’m really looking at things from a strategic point of view.
ExecutiveBiz: What was attractive to you about Neustar when it purchased UltraDNS?
Rodney Joffe: Neustar was a company that had developed a great reputation in our world. It was well respected from the directory point of view in terms of the routing of phone numbers in the U.S. The company was publicly owned, but it was very, very well run, and had a great management team. We had been approached by a number of companies who wanted to acquire us, and both the culture and the opportunities looked much more interesting from Neustar than from the other public companies we talked to.
They had a commitment to allowing the business to continue in the direction it was heading and were going to expand our ability to do business. They had a large number of customers and being operators of the North American Numbering Plan, and operators of the NPAC, which is telephone directory infrastructure, they also were a very profitable company. It was very clear that the budget would be available to allow us to expand. So for us, it was very much a no‑brainer. The offer was good, and the opportunities were enormous.
ExecutiveBiz: What are some cybersecurity trends that have emerged since you joined Neustar and how does the company work to address them?
Rodney Joffe: So, there are two sides to this. The internal side and how we deal with cybersecurity has certainly evolved, and then the way that cybersecurity has changed in a global fashion.
From the internal point of view, when I started with Neustar in 2006, the world was not as organized as it is now and cybersecurity was just becoming an issue. At that time, we had an operations center which was running both network and systems operations and that was it.
What’s evolved over time is that we’ve gotten much more involved now in the essence of change. We’ve developed additional 24‑by‑7 NOCs (Network Operation Centers) and because we operate globally as a company we recognize now that our robustness and redundancy were needed. That was the first thing.
The second thing is that we’ve evolved to have both a SOC (Security Operations Center) and a CIRT incident response group. We have both of those as independent groups, where they work together, but they have independent missions. As a company, that’s really become a real issue we’ve identified as a critical infrastructure operation, both on the Telco side and also on the IP side.
One of the things that other companies may not realize is that we run the DNS infrastructure for a pretty significant portion of the world. We run not only the .us and .biz domains from the registry point of view, but we also run the DNS for about 15 or 20 countries, so we’re authoritative for .uk, for Canada, for New Zealand, for Japan, amongst others. And with the way that attacks have evolved, the bad guys have obviously come to realize that if they get to our infrastructure, the impact is global. We’ve had to evolve that over the last six or seven years, so that’s become significant.
Because we’re a provider of both Telco and Internet services we’ve had to become much more resilient and much more aware of what’s going on in the outside world. And because we’ve been targeted so often, we’d like to think that we’re one of the better prepared organizations for some of the events.
On the external side, we’ve built some unique capabilities into our company and into the services we provide. When our infrastructure gets affected, it also affects a large number of organizations, and even countries. So, we’ve tried to get ahead of that process by actually building some teams that spend time monitoring the underground, looking at what is going on in the underground, and trying to watch the chatter to identify any planning discussions that might affect us or our customers. If we saw malware that was actually built and designed that showed that we were targeted, we looked for that very early on, because being prepared in advance is half of the battle.
We’ve also acquired a company called TARGUSinfo, which is one of the biggest marketing data analytic companies, and we acquired a company called Quova, one of the largest IP geography companies in the world that identify physical location for IP addresses. Generally for marketing, but also for the intelligence, we were able to add those capabilities and knowledge base into what we had from a security point of view, resulting in the development of a number of services that are related to analytics of data from a security services focus.
And that’s something that is now becoming a significant portion of our new initiative. Both the internal and external capabilities are critical to our everyday business.
ExecutiveBiz: You’ve led some working groups in the past. How do those groups help bring government and industry together to try to tackle cyber issues?
Rodney Joffe: There has been an ongoing battle for probably the last eight or nine years to improve public private partnerships for information sharing, and for a long time, no one seemed to be able to actually solve that. There was a natural bias within the government side with law enforcement and the Intel community to be read‑only. To be happy to accept information, but not to share information out.
There was a realization in the 2004‑2006 period that 70 or 80 percent or more of the government and federal infrastructure was actually provided, operated and managed by the private sector, and so there was an effort by the federal sector to try to improve the whole process of sharing, but it was unsuccessful.
In about 2009, there was a significant change in the way that malware worked with something called Conficker. Conficker actually gained a lot of awareness in the security industry, but the government was pretty far behind it. What we identified as individuals was that the Conficker attacks were really quite ground changing and rule changing.
And so in the private sector, we had developed a mechanism of working groups and started a set of working groups specifically focused around Conficker. The impact of Conficker accelerated very rapidly. The people behind it were able to move very, very quickly, and very dynamically change the profile of the attack, and it became a real battle that needed a lot of international cooperation. I spent a fair bit of time in Washington, D.C. talking to the Administration, the House and the Senate, and the Federal Sector, trying to push for number one, awareness in those sectors that this was a major issue, and number two, also create awareness within the government themselves that they were at risk.
I didn’t get a lot of traction, and being pretty obstinate, I had no problem in sharing what I was finding with anyone who would listen. In the first days of the Obama Administration, they were really very aware of the fact that a whole young generation had come in that was much more tech savvy. The Obama staffers were aware of what was happening, and so through the working group I was able to get real awareness of the issues around Conficker from the administration, but more importantly, to show that this type of working group was a very successful example of the private sector working together. Not the public sector, but the private sector. So, we managed to get the private sector working together globally, not just in the U.S. In fact at one point there were over 110 countries who were involved in the task force and looking to try to solve the issue.
The administration came to me not very long after this and asked if I would come and talk to them about why I thought that the Conficker work group was so successful as a multinational and a multi‑industry, multi‑stakeholder working group, and what could be done to actually use it as a model as they moved forward getting public/private partnerships working with the federal sector in the U.S. The model we developed is still used today as a best‑practices framework for public/private partnerships.
A lot of other work groups have evolved off of that. I’m involved in probably four or five that have been very successful, but the difference in all of the others compared to that initial Conficker working group is that they now seem to include a number of portions of the federal sector who have learned over time to share information depending on the nature of the working group. Today I think you can look at the sharing infrastructures and the sharing agreements that exist between the public and private sector as probably having benefited from what we did with Conficker.
ExecutiveBiz: What are some other ways that government and industry can extend and expand their collaboration?
Rodney Joffe: The first thing to do is to get over the natural historic attitude about keeping everything secret and keeping information to yourself. Overcoming that gives you power and strength and the federal sector has gotten a lot better in that area.
It’s doing it in a number of interesting ways. One of the very successful things that I’ve seen that was very impressive is that Homeland Security built frameworks for sharing information with something called CISCP through US-CERT, and with cooperative research agreements that are designed specifically to allow the sharing of information with the private sector.
It’s a real move to not just feed bits of information that may be relevant to the private sector, but to share large pieces of information and make use of the very good resources that exist in the private sector, in terms of correlation, threat analysis, attribution, and defenses and defense technologies, and be able to share them for everyone’s benefit. That’s been a really big change I’ve seen out of Homeland Security.
What I’m seeing also from the administration, through OSTP, are a number of initiatives where there’s a lot of support for not just sharing information, but also for funding initiatives in the private sector, not just in traditional places which are universities, but in small groups of individuals who have volunteered for many, many years to try and make things better from a cybersecurity point of view.
There’s funding and support for those kinds of things, so for the last four years, I’ve seen a major shift, a very positive shift, in the way that the administration actually looks at cybersecurity, and I’m also seeing that kind of thing now in the legislative branch, where we’re starting to see much more awareness by the legislators and the challenges of cybersecurity, cyber issues, and mechanisms that are much better focused that allow people to support the mission of dealing with the cyber domain.