Response Comment on ICANN FY 14 Security, Stability and Resiliency Framework
Dear Patrick: Thank you very much for the opportunity to comment on the FY 14 Security, Stability & Resiliency ("SSR") Framework. I write in a personal capacity to second Dr. Crocker's suggestion in this public comment forum that ICANN assess the number of ccTLDs that need or are likely to need technical training, as well as determine their specific level of competence and security needs. Over the past year, the Steptoe Internet governance team has worked with clients targeted by the escalation in threats detailed in the FY 14 SSR Framework. In light of this work, we fully concur with the suggestion for a proactive approach, aimed directly at the most operationally vulnerable ccTLDs. We also concur with the observation that such vulnerabilities typically exploit smaller operators who are not generally active participants in the community. Finally, we hope to assuage any concern about the inclusion of major brands as somehow making this approach less effective or shifting its focus toward corporate needs rather than achieving results for the ccTLDs. Well-known brands are common targets for attacks exploiting vulnerabilities within the exclusive control of ccTLD operators. Thus, enhanced technical training and security competencies for ccTLDs benefit all parties-and should be considered as community, corporate and ccTLD operator needs. The continued outreach and leadership of ICANN in mitigating / eliminating security vulnerabilities is greatly appreciated, yet it need not accomplish these goals alone. Best regards, Brian Brian J. Winterfeldt Partner bwinterfeldt@xxxxxxxxxxx<mailto:bwinterfeldt@xxxxxxxxxxx> Steptoe +1 202 429 6260 direct +1 202 903 4422 mobile +1 202 429 3902 fax Steptoe & Johnson LLP - DC 1330 Connecticut Avenue, NW Washington, DC 20036 www.steptoe.com<http://www.steptoe.com/> +1 212.506.3935 direct +1 212.506.3950 fax Steptoe & Johnson LLP - New York 1114 Avenue of the Americas New York, NY 10036 This message and any attached documents contain information from the law firm Steptoe & Johnson LLP that may be confidential and/or privileged. If you are not the intended recipient, please do not read, copy, distribute, or use this information. If you have received this transmission in error, please notify the sender immediately by reply e-mail and then delete this message.