My Interisle colleagues and I submitted a response to the U.S. Department of Commerce’s Notice of Proposed Rulemaking "Taking Additional Steps To Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities" [ https://www.federalregister.gov/documents/2024/01/29/2024-01580/taking-additional-steps-to-address-the-national-emergency-with-respect-to-significant-malicious ]

This proposed rulemaking solicited comments on proposed special measures to deter foreign malicious cyber actors' use of U.S. IaaS products. Our comments consider the proposal of regulations to “verify the identity of foreign customers of IaaS products”, in particular noting that the DNS should be treated as an IaaS. Find our comment at https://www.regulations.gov/comment/DOC-2021-0007-0478

[I'll note here that we commented within the proposed regs for "foreign customers". We believe that identity verification should not be limited to foreign customers but should encompass all customers.]

Interisle also commented on the proposal of regulations that “require providers of certain IaaS products to submit a report to the Secretary when a foreign person transacts with that provider or reseller to train a large Artificial Intelligence (AI) model with potential capabilities that could be used in malicious cyber-enabled activity”. Interisle’s comments are based on what we have observed analyzing cybercrime data from the Cybercrime Information Center, visit https://cybercrimeinfocenter.org

#IAAS #DNS #cybercrime #NPRM #identityverification #uscyberregs