Inputs on Draft Statement of ICANN's role and remit in SSR

[Rossella Mattioli <rossella.mattioli@xxxxxxxxx>]

These considerations are submitted on an individual level and are not endorsed 
by the constituency I am part of.


The Draft Statement of ICANN's Role and Remit in Security, Stability and 
Resiliency of the Internet's Unique Identifier Systems represents an important 
step in the definition of ICANN role.
It will help in clearly stating the ICANN remit and constituency of operations 
and engage the broader internet community in understanding DNS security 
importance.

ICANN’s operational responsibilities
The presented statements highly define ICANN role and for better comprehension 
they should be integrated with a clear description of related operational tasks 
and service level indicators regarding every single unique identifier.
This should also consider inputs from other WGs as DSSA and DRMF and 
translating these in operational steps.
Regarding the recommendation 1 and 3 some examples could be:
-       a public, unique and updated dashboard regarding the status of 
allocation of domain names, Internet Protocol (IP) addresses, autonomous system 
(AS) numbers and protocol port and parameter numbers.
-       performance indicators regarding of the stability, security and 
resiliency of the unique identifiers 
-       revision and optimization of all the documentation/ public resources 
regarding these topics 
-       clear organization chart stating the job description of every single 
security function and related identifiers

ICANN’s involvement as a coordinator, collaborator and facilitator
Participation in the security debate should be fostered:ICANN security 
functions should officially engage every international and national working 
group which deals with unique identifiers threats and publish updated reports.
The role should be of evangelist of SSR functions in case the threats do not 
affect the stability, security and resiliency of the unique identifiers.
In case the stability, security and resiliency of the unique identifiers is 
hampered or at risk ICANN should play an active role within its constituency 
and also facilitate, thanks to its multi stakeholder nature, the interaction 
between all entities concerned.
For example
-       in case of a threat directly related to the misuse of unique 
identifiers, it should be able to operatively coordinate all efforts and actors 
involved.
-       in case of a threat that can hamper the security and stability of the 
entire internet ecosystem it should be able to immediately identify what kind 
of threats are and which kind of repercussions could generate:
        -       In case of direct impact it should be able to timely face the 
threat, 
        -       in case of domino impact due to the nature of unique 
identifiers it should be able to coordinate efforts and favor interaction 
between actors involved.

Moreover ICANN should foster research and participation within the community 
with security workshops, as for example facilitating input and create more ad 
hoc occasions where to reunite members from the security and at large community 
with no restrictions of membership.Remote participation should be always 
provided (this not happened for example at DNS SSR 2011) and participation 
should be funded as well as research projects / academic fellowships / 
vulnerability contests.

ICANN's engagement with others in the global Internet ecosystem.
Unfortunately the more information technology solutions are builded based on 
Internet unique identifiers, the more threats are going to rise so engage the 
security and Internet community at large will become more and more important 
for ICANN in the coming years.
In this respect a clear plan of engagement should be prepared and periodical 
reports defined.