Responses to questions from the RySG

[Patrick Jones <patrick.jones@xxxxxxxxx>]

------ Forwarded Message
From: Patrick Jones <patrick.jones@xxxxxxxxx>
Date: Fri, 3 Jun 2011 02:46:34 -0700
To: "dmaher@xxxxxxx" <dmaher@xxxxxxx>
Cc: Craig Schwartz <craig.schwartz@xxxxxxxxx>, "Gomes, Chuck" 
<cgomes@xxxxxxxxxxxx>
Subject: Responses to questions from RySG on FY 12 SSR Framework

David,

Apologies in the delay in getting these responses to you and the RySG.

Part A

Regarding slide 21 – Thank you for encouraging ICANN to define “collaboration” 
in the context of working with governments (and more specifically, with law 
enforcement as sub-entities of governments) to combat abuse of the unique 
identifier systems. ICANN staff recently met with Interpol staff in France 
(http://www.icann.org/en/news/releases/release-2-23may11-en.pdf). Law 
enforcement representatives have also been attending ICANN meetings and 
participating in the DNS Abuse Forum sessions at ICANN meetings over the past 
few years. ICANN is looking at ways to improve this collaboration, and in that 
context, will provide more detail and clarity into what type of activities fall 
into this area.

With regard to the last sentence on the third bullet on slide 22, this sentence 
is not seen as contradictory with the third bullet on slide 21. Although 
“malicious conduct” is not defined, there have been documents published 
referencing this. For example, the 2009 report of the Global DNS SSR Symposium 
conducted at Georgia Tech University 
(http://www.gtisc.gatech.edu/pdf/DNS_SSR_Symposium_Summary_Report.pdf) had a 
section titled Combating Malicious Abuse.

On slide 27, with regard to the ICANN Computer Incident Response Team, I 
believe our blog post from 12 November 2010 states the role of the ICANN 
Computer Incident Response Team is strictly internal: 
http://blog.icann.org/2010/11/an-update-on-icann-security-efforts/, and see 
https://www.icann.org/en/cirt/ (page is in the process of being updated to 
reflect staff changes).

Part B

With regard to the 4th Strategic Objective listed on slide 9 of Part B, at the 
ICANN meeting in San Francisco, the Board approved a resolution 
(http://www.icann.org/en/minutes/resolutions-18mar11-en.htm#1.4) changing the 
SSAC bylaws as part of the SSAC Review recommendations. This included tasking 
the Board Governance Committee with creating “a working group to oversee the 
development of a risk management framework and system for the DNS as it 
pertains to ICANN’s role as defined in the bylaws.” The BGC is still in the 
process of putting this together.

Further, the Board approved the 2011-2014 Strategic Plan in San Francisco, and 
directed staff to move forward with Operational planning for the strategic 
objectives in the plan, including the one in your question. ICANN’s FY 12 
Operating Plan and Budget was posted ( 
http://www.icann.org/en/public-comment/#op-budget-fy12). The community-driven 
DNS Security and Stability Analysis Working Group also fits into the area of 
looking at gaps and risks to the DNS.

On the last question concerning “trusted security community” on slide 16, this 
is not a defined term. Loosely it could include those who participated in the 
Conficker Working Group, DNS-OARC, CERTs.

Thank you for these questions. Members of the Security team will be at the 
Singapore meeting and will be able to speak further with the RySG if you have 
more questions.

Patrick


--
Patrick L. Jones
Senior Manager, Security
Internet Corporation for Assigned Names & Numbers
1101 New York Avenue, NW, Suite 930
Washington, DC 20005
Tel: +1 202 570 7115
patrick.jones@xxxxxxxxx
patrickjones.tel