Jeff Schmidt, CEO of JAS Global Advisors, poses for a photograph at his company's office on N. Michigan Ave. Wednesday, March 14, 2012, in Chicago. | John J. Kim~Sun-Times
A Chicago company, JAS Global Advisors, is playing a key behind-the-scenes role in an unprecedented expansion of Internet domain names — the web’s equivalent of real-estate addresses dominated by .com, .gov, .org and .edu.
The expansion will open the way for new domain names ending in just about any word imaginable — from .chicago for people looking to identify themselves as Chicagoans, to .jeans to .security to .YourNameGoesHere.
The process is highly charged: Critics say the expansion will offer new opportunities for cybersquatters, Anonymous-style hackers and trademark and patent trolls, and give pornographers their own .xxx suffix.
Supporters say the new names will give businesses new marketing opportunities and, if run correctly, tighten up online security.
A controversy also surrounds the nonprofit group that runs the Internet-naming process. The board of ICANN, the California-based Internet Corporation for Assigned Names and Numbers, is battling U.S. Commerce Department concerns that its members may have too-close ties to companies that will bid on the new domain names. A board spokesman said the members operate under strict ethics rules. Separately, a national retailers’ advocacy group has complained that ICANN hasn’t given clear direction on how businesses should apply for, appeal or otherwise respond to the new domain names.
As a March 29 deadline nears for applications for the new domain names, JAS Global Advisors, headed by international online security expert Jeff Schmidt, will be one of three companies nationwide that will evaluate applicants for their technical and financial qualifications.
The applicants, including one for .chicago, also are judged on their security, stability, linguistic capabilities and ability to operate an Internet registry, among other things.
The evaluations are based on a 350-page document spelling out 50 questions and criteria by which answers will be judged.
“Some time in 2013, you’ll start to see new names on the Internet,” said Schmidt, 36, who ensures the online and data security networks of banks, stock exchanges, ICANN and security agencies such as the U.S. Department of Homeland Security. JAS Global Advisors employs 17 nationwide, including six at its headquarters in the Loop.
The slew of new names won’t slow Internet access times because they take up no extra bandwidth. They simply reflect an identifying tag.
Anyone who can pay the $185,000 application fee and meet the deadline may try to claim one of the 1,000 new domain names that ICANN will allocate in each calendar year.
Schmidt’s involvement in Internet security has made him acutely aware of the threats posed by hackers, phishers, scammers and groups such as Anonymous that seek to undermine the very validity of the Internet.
Who would have guessed, for example, that a man living in the Bridgeport neighborhood would be one of six hackers arrested March 6 for allegedly being part of the international collective of “hacktivists” who manipulate computer networks for political and other protests.
“I’ve been involved in cyber security for 15 years, and my position is that cyber is a new theater of war” in addition to the historic theaters of land, sea and air, said Schmidt, who spearheaded Microsoft’s first internal “malicious” testing of Windows 2000 and helped the FBI create the InfraGard Program aimed at improving information-sharing on national security between the government and private industry.
But unlike the other theaters, cyberwar requires no intensive capital spending and investment, such as the money required to build ships, bombs and airplanes, he said.
“It also affects the average American much more than a potential land, sea or air incursion because it’s certainly less difficult for a foreign-sponsored or a softly foreign-sponsored group to launch a cyber disruption with serious implications than for them to drop a bomb on your house,” he said.
Indeed, applicants for new domain names must show they can operate their piece of critical Internet infrastructure so it isn’t vulnerable.
The threats make headlines on a near-daily basis, and will become the subject of an expected Congressional debate over new cybersecurity standards in the coming weeks.
On March 8, a congressional advisory panel warned that China would likely start a cyberattack on the United States if a major conflict occurred, and that the U.S. telecommunications supply chain would be especially vulnerable.
The Obama administration is proposing new cybersecurity rules, which Republicans generally oppose requiring critical infrastructure companies to meet.
Yet experts say the new rules fail to address a key weakness: The United States has no policy for responding to a cyberattack when it’s unclear who launched it.
And McAfee Systems predicts this year’s top vulnerabilities will be mobile bankers, oil and gas utilities and software embedded in cars, medical devices and digital cameras.
Said Schmidt, “State-sponsored cyber conflict is a different animal, and there is a lot to be worked out. While we’re figuring it out, the attackers have the advantage.”