<<<
Chronological Index
>>> <<<
Thread Index
>>>
Business Constituency Comments on DSSA Working Group Phase 1 Report
- To: "dssa-phase-1-report@xxxxxxxxx" <dssa-phase-1-report@xxxxxxxxx>
- Subject: Business Constituency Comments on DSSA Working Group Phase 1 Report
- From: Steve DelBianco <sdelbianco@xxxxxxxxxxxxx>
- Date: Wed, 24 Oct 2012 02:00:03 +0000
The Business Constituency is concerned with the security and stability of the
DNS, as it severely impacts our membership base. ICANN's decisions, in
particular, impact the diverse and distributed businesses whose infrastructure
and services make the Internet work.
The Phase 1 report shows the effort put forward to start addressing the types
of risks to the global DNS as it pertains to security and stability, and is a
welcome update on the progress of the WG. We urge the DSSA WG to continue and
complete the work defined by its charter. We look forward to a final report
detailing the risks and threats to the security and stability of the DNS.
DSSA-WG Background:
The objective of the DSSA Working Group is to draw upon the collective
expertise of the participating SOs and ACs, solicit expert input and advice and
report to the respective participating SOs and ACs on: The actual level,
frequency and severity of threats to the DNS.
This is the first of two reports from the DNS Security & Stability Analysis
Working Group. The goal of this document is to bring forward the substantial
work that has been completed to date and describe the work that remains. This
has been in many respects a “pioneering” cross-constituency security-assessment
effort that has developed knowledge and processes that others will hopefully
find helpful and can be reused in the future.
The DSSA has:
* Established a cross-constituency working group and put the organizational
framework to manage that group in place
* Clarified the system, organizational and functional scope of the effort
* Developed an approach to handling confidential information, should such
information be required for certain assessments
* Selected and tailored a risk-assessment methodology to structure the work
* Developed and tested mechanisms to rapidly collect and consolidate
risk-assessment scenarios across and broad and diverse group of interested
participants
* Used an “alpha-test” of those systems to develop the high-level
risk-scenarios in this report. Those scenarios will serve as the starting point
for the remainder of the effort.
Work that remains:
* Perform a proof of concept to refine and streamline the methodology on
one broad risk-scenario topic with the goal of reducing cycle time and making
it more accessible to a broader community
* Roll the methodology out to progressively broader groups of participants
to introduce the methodology to the community and further improve the process
and tools on the way to completing the assessment.
* It is essential that this work involve businesses beyond ICANN's
contracted parties, although such broad engagement is not sufficiently evident
at this point. Outreach should be expanded to the non-contracted parties who
support Internet infrastructure and services.
Rapportuer for these comments: Scott McCormick
Submitted by: Steve DelBianco, vice chair for policy coordination, Business
Constituency
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|