Re: Response to ccTLD training programs to improve Internet security and stability

[Steve Crocker <steve@xxxxxxxxxxxx>]

Patrick,
Thanks for all of this.  Let me repeat the questions I asked:

> Do we have a sense of how many ccTLDs need or are likely 
> to need this sort of training?  Do we expect we will have covered the ground 
> some day, i.e. satisfied the need for this sort of training around the world? 
>  
> Is it possible to set up metrics and a nominal timeline?

To make these a bit more pointed, I'm suggesting there should be a conscious 
effort to assess the ccTLDs to determine their level of competence and their 
needs.  This is a very manageable set of "customers."  Perhaps this is best 
done in conjunction with the ccNSO, the ccTLD and/or the regional cc 
organizations.

You're suggesting there is a shift in the needs, which is fine.  I'd like to 
see an explicit characterization of how far along the current mission has 
progressed and a separate explicit characterization of how far along the new 
mission is.  Ideally, it will be possible to lay out a plan for completing the 
current mission.

Steve




On May 8, 2013, at 12:11 PM, Patrick Jones <patrick.jones@xxxxxxxxx> wrote:

> Steve,
> 
> Thanks for your comment and questions on the growing demand for technical 
> training 
> (http://forum.icann.org/lists/comments-ssr-fy14-06mar13/msg00010.html). 
> Building from yours and Steve Huter's comments, here are some thoughts 
> collected from John, Dave, Jeff, and myself.
> 
> There will always be some number of TLD managers with training needs. The 
> focus on ccTLDs came about in 2003-2004 due to a clear need to train (some) 
> TLDs in basic DNS operations. 
> Today that has morphed into trainings that focus less on basics for ccTLD 
> operators and more on security (attack, contingency response, threat 
> mitigation, DNSSEC) and monitoring. This came about through constant 
> interaction with the community. The feedback loop is critical to ensuring we 
> understand the needs and wishes of operators.
> 
> While the number of ccTLDs now is known and relatively constant, the TLD 
> space in general is about to get bigger. We assume the new operators will not 
> have the same needs as existing operators (but that's an assumption). 
> Although Steve Huter's comment was focused on the ccTLD space, the Security 
> team is seeing training a growing number of requests from law enforcement, 
> regional organizations, governments, business groups and universities. Part 
> of the answer to your question is that we are not likely to cover the field 
> for training in the near future, and we do continue to deliver training to 
> ccTLDs as part of an expanding training offering. We continue to seek ways to 
> assist LE and are working in collaboration with Europol, Interpol, APWG and 
> others to more effectively deliver training at regional events. ICANN's 
> engagement plays an important part in the ecosystem by supporting and 
> supplementing the work of others like NSRC.
> 
> We are grateful for the support of folks like NSRC who have been amazing 
> partners in helping train hundreds of ccTLD (and other) people over the 
> years. Although it is sometimes hard to measure the effect of such training, 
> we firmly believe that this work has played a large part in improving the 
> operational standards of the ccTLD community, and contributed to the 
> ecosystem as a whole. It has also been critical in helping build community 
> and trust with ccTLD operators on an operational level which is invaluable 
> when issues arise which require trusted collaboration (responding to threats 
> against TLDs, actual attacks etc.).
> 
> That said, we still have a long way to go in easing security awareness and 
> practices. The hard part is identifying and reaching those who most need 
> training. If we look at recent attacks against ccTLDs we can see that it is 
> often (not always) the smaller TLD who is not actively participating in the 
> community that is affected.
> 
> We don't have a magical answer for this dilemma.
> 
>> John notes "I will occasionally think back to 2003 when a bunch of us got 
>> together and decided to start this journey. We knew we were in for the long 
>> haul. We chose to aim directly at the most operationally vulnerable and with 
>> a concerted, and expensive, effort we proactively went after "low hanging 
>> fruit". Maybe it's time to pull together that or a similar group together 
>> and see if there is a will to now start something similar aimed towards 
>> security needs?
>> 
>> If we were to do this today we could include some major brands. However I 
>> worry about that actually making the approach less affective. I would want 
>> people like Steve Huter to help ensure that we focused on results for the 
>> TLDs, which helps the system, and not on corporate needs."
> 
> In the near term, it is possible to provide a list of operators who have been 
> through training. The Security team can show how many trainings we do per 
> year (on our own and in partnership with others).
> 
> Security is also looking to add staff to better meet the requests from 
> operators, law enforcement, regional organizations and others in the 
> community for technical training and engagement (this is described in the FY 
> 14 SSR Framework). We anticipate these requests will grow, as the regional 
> strategies from the African, Asia-Pacific, Latin American and Caribbean, and 
> Middle East communities all contain strategic focus areas for security and 
> stability.
> 
> Other challenges for us are worth noting:
> 
> We are increasingly being asked for very specialized training. The conundrum 
> we face is that unlike basic training, a small number of individuals can 
> produce these training materials and credibly deliver them; moreover, 
> training of this kind evolves quickly over time and even "training trainers" 
> requires greater effort. The LE folks in particular want to learn practical 
> aspects, acquired knowledge not rote knowledge. 
> 
> Let's continue this discussion and I hope others weigh in as well.
> 
> Patrick (with input from Dave Piscitello, John Crain, Jeff Moss)
> 
> -- 
> Patrick L. Jones
> Senior Director, Security
> Internet Corporation for Assigned Names & Numbers
> 1101 New York Avenue, NW, Suite 930
> Washington, DC 20005
> Tel: +1-202-570-7115
> patrick.jones@xxxxxxxxx
> patrickjones.tel
>