CISO Challenges: Adapting to Black Swans

I didn’t anticipate this unprecedented petition from the Ukrainian Government, so I immediately began to think about the potential intended (and unintended) consequences.
I understand the rationale behind this request. The cyberwar the Russian Federation has been waging against Ukraine since 2013 has been instrumental in the annexation of Crimea (cf. Gamaredon), and an effective disruptor of Ukrainian defense capabilities, facilitating the military operations now in place.

But at first glance, tampering with ICANN and the DNS Root Zone, which have been foundational for Net Neutrality, doesn’t seem like a good idea.
When you perform the Incident Handling & Response for a major cyberincident, you triage, contain and mitigate. You can achieve mitigation by isolation, but entering “pull the plug” mode is proof that something has gone terribly wrong.

So unplugging the .ru internet cannot be the answer:
- It would affect the ability of the Russian citizenry to organize opposition to the war, communicate freely and access non-affiliated Russian information sources.
- It would foster the idea that the balkanization of the internet is a good idea, prompting autocratic governments to go for their own national intranets, North Korean style.
- Mass revocation of certificates would weaken the confidentiality of communications, putting Russian civilians into the hands of their own Government. A controlled revocation of known C2C sites would be a reasonable initiative, but that is in the hands of the CAs, not ICANN.


Written by Luis Alfonso Rodríguez de Trío

Internal Audit Tech & Cybersec / Senior Cybersecurity Leadership / IT Director. MBA, CCISO, CISM, CEH, CHFI, ECIH, Security +, ECI.
