Security, Stability & Resiliency of the DNS Review Team (SSR)

Interaction with the Community

SSR-RT Status June 2011Team formed December 2010Meetings Dec. 2010 (CTG), March 2011 (SFO)Some attritionSubteams: Governance, Implementation, ContingencyDocument basis; triageInterviews – forthcomingScopeMethods

SSR Review Team Terms of ReferenceJune 20, 2011Scope of ICANN’s SSR Responsibilities. The review will analyze the scope of ICANN’s responsibilities in enhancing the security, stability and resiliency of the DNS, consistent with its limited technical responsibilities. The review also will consider the various layers of ICANN’s responsibilities (i.e., control, influence and engagement) and assess various documentation and community perspectives on these issues.Key Issues Scope of ICANN’s SSR responsibilities as articulated in the AOC, mission statement and core values from the bylaws as a starting point. ICANN’s description of its various layers of responsibilities in the SSR plan. The FY12 SSR Plan has been re-organized to clarify its responsibilities.ICANN’s IANA and other operational DNS functions.ICANN’s arrangements with third parties (e.g., root zone server operators, registries) and treatment of SSR issues.Perspectives of community stakeholder groups about what should be within the scope of ICANN’s responsibilities and what should not be included. Priorities and Next Steps

SSR Review Team Terms of ReferenceJune 20, 2011Effectiveness and Implementation of the SSR Plan. The review will consider the extent to which ICANN’s existing SSR Plan has established effective strategies to enhance the security, stability and resiliency of the DNS. It also will analyze ICANN’s processes for addressing SSR issues in its budget, organization, strategic plans and policy development process. Key IssuesSSR Plan based on our review of ICANN’s scope of responsibilities and the risk landscape.ICANN process for implementing the SSR plan and tracking status of the individual projects.Implementation of SSR issues in ICANN’s budget and strategic planning process.ICANN’s organizational structure and responsibilities for SSR issues, including SSAC and security staff functions. Process for addressing SSR issues and obtaining community input in policy development process, including the new DSSA WG.

Priorities and Next Steps

SSR Review Team Terms of ReferenceJune 20, 2011Risk Landscape and Contingency Planning. The review will consider existing and emerging risks from a number of perspectives, including the physical network, human security risks and use of the DNS. It also will examine how ICANN is conducting risk management and contingency planning to account for these existing and emerging risks. Key IssuesExisting process in place for ensuring that risks are identified and analyzed. Risk assessment and contingency planning process within ICANN. ICANN’s own assessments of existing and emerging risks. Broader risk landscape, including issues that are not within the scope of ICANN’s responsibilities. Priorities and Next Steps

Questions (Preliminary, Governance Subset)

6

1. Do you believe that ICANN has a clear remit and scope for Security, Stability and Resilience and if so, what is your understanding of this?

2. Do you believe that this remit is correct, or should it be widened or reduced?

Questions

7

3. Does ICANN clearly state its goals and then track its performance against these?

4. Is the ICANN budget for SSR clear and do you understand its makeup?

Questions

8

5. Does ICANN allocate the correct budget and people resources to SSR?

6. Does ICANN have the correct people and mechanisms to accurately manage risks associated with SSR and to analyze current and future threats to the DNS?

Questions

9

7. Do you see the relationships with the SSAC and RSSAC as functioning correctly and positively?

8. Do these relationships help further ICANN’s goals to preserve SSR of the DNS?

Questions

10

9. Is the relationship between ICANN and IANA suitably robust?

10. Does USG have too much control over IANA and should this be reduced?

Questions

11

11. Is ICANN spending the correct proportion of time and budget on SSR when compared to its other 3 stated goals?

12. Do you believe that ICANN SSR policy is being set by community demand or by top-down processes within the organisation?

Questions

12

13. Do you believe that ICANN should have more contractual control over aspects of the DNS or do current mechanisms server the DNS well?

Thank You