ICANN/DNSO
DNSO Mailling lists archives

[council]


<<< Chronological Index >>>    <<< Thread Index >>>

[council] Security meeting - more details


Dear colleagues:

The meeting on security is beginning to shape up although it will be 
several days yet before we can fill in the details. A program 
committee is being formed to define the agenda and invite speakers. 
We will provide details as they become available. In the meantime, 
your suggestions for how to make the agenda as meaningful to you as 
possible would be welcome, as well as your suggestions for invited 
speakers.

The overall purposes of the program - beyond those stated in previous 
announcement - are to educate, to enhance awareness, to assess 
security and readiness in the broadest terms, and to launch 
continuing efforts to assess and improve security and readiness 
across the scope of ICANN's activities and communities. In large 
part, this will be a bottom-up process of analysis and development of 
processes and recommendations, culminating is presentations to be 
made by Councils and Advisory Committees to the Board on the final 
day.

To make it a little clearer, by "security" I mean security primarily 
of DNS services and the entities that provide them, including both 
protection against potential threats and the ability to recover from 
actual serious failures. This includes practices such as site 
security, network security, data backup and escrow, recovery 
procedures and processes, management and personnel practices, etc. In 
addition, we need to become informed about  the status of improved 
technical standards, such as DNSSEC, and other technical issues that 
apply to the broader context of the DNS. I am sure most DNS service 
providers take these matters very seriously and work hard to keep 
their systems and networks secure; the November discussions will 
proceed on the assumption that there is always room for 
self-assessment, dialogue, and improvement.

Here is how we are currently envisioning the meeting program (subject 
to further input and refinement). In very rough outline (more later) 
the meeting would open with a series of plenary orientation talks and 
panels focusing on both management and technical security issues, and 
what are the dangers of neglecting these issues. One emphasis would 
be that security and recovery are as much management issues as 
technical, and that many (if not most) failures can be attributed to 
lack of management attention. These orientation sessions would lay 
out a common framework for the rest of the meeting.They would be 
followed by a series of facilitated small workshops (everyone 
participates) that will focus on self-assessment (not for 
distribution) and tease out issues, ideas, and recommendations 
through group discussion and mutual education. These outputs would in 
turn feed into meetings of ICANN constituencies and other component 
organizations to develop recommendations for future actions, 
processes, policies etc for future constituency action and 
consideration, or that would be "synthesized" by Councils along with 
other recommendations for reporting to the Board the following day. 
There will be other tracks that would focus on specific technical or 
other questions that need to be discussed.

Incidentally, the reports to the Board would be followed by some open 
mike time on security, to be followed by a Board discussion of what 
it has heard. After lunch, there will be separate open mike time for 
general issues followed by a regular Board meeting for issues that 
have to be considered (because "time is of the essence").

As previously indicated, November 12 is available for other 
constituency/Council/advisory committee meetings for other business. 
On the evening of the 12th, however, a Public Forum will be scheduled 
for a report by the At Large Study Committee followed by discussion 
in the usual format.

The above is an outline. Within that outline are many details to be 
nailed down over the coming days and weeks. The meeting will only be 
as successful as you make it, so your thoughts will be greatly 
appreciated. Please send your ideas and comments to meeting@icann.org 
from where they will be distributed efficiently to all the people 
planning the meeting - or to me directly (but, sadly, I am less 
efficient!).

With regards
Stuart

-- 

__________________
Stuart Lynn
President and CEO
ICANN
4676 Admiralty Way, Suite 330
Marina del Rey, CA 90292
Tel: 310-823-9358
Fax: 310-823-8649
Email: lynn@icann.org


<<< Chronological Index >>>    <<< Thread Index >>>