Attendees, Recordings & Transcripts 

ATTENDEES:

Team:  James Gannon, Denise Michel, Boban Krsic, Norm Ritchie, Zarko Kecic, Noorul Ameen, Eric Osterweil

Remote Participants:  

Guests/Presenters:  Jim Caulfield, Xavier Calvez, Francisco Arias, Christine Willett, Eleeza Agopian, Brian Aitchison

Observers:  George Sadowsky, Rahul Sharma, Larisa Gurnick, Karen Mulberry

ICANN organization:  Steve Conte, Negar Farzinnia, Brenda Brewer, Yvette Guigneaux

Apologies:  Kerry-Ann Barrett

READING LIST / DISCUSSION DOCUMENTS 

• Draft Audit Plan: ICANN SSR Workshop

• SSR2_sub_topic_ICANN.SSR

• ICANN SSR sub topic task list (Trello)

• ICANN SSR Framework

RECORDINGS:

• Adobe Connect Replay 
• mp3 Replay

TRANSCRIPTS:  EN

CHAT TRANSCRIPT:  EN

For Meeting Agendas, please click here

ATTENDEES:

 Team:   James Gannon, Denise Michel, Boban Krsic, Norm Ritchie, Zarko Kecic, Noorul Ameen, Eric Osterweil

Remote Participants:  Kerry-Ann Barrett

Guests/Presenters:  Darren Kara, Maguy Serad, Amanda Rose, Jennifer Scott, Jim Caulfield, Xavier Calvez

Observers:  Alejandro Pisantry, Larisa Gurnick, Karen Mulberry

ICANN organization:  Steve Conte, Negar Farzinnia,Yvette Guigneaux

Apologies:  None

READING LIST / DISCUSSION DOCUMENTS 

SSR2 COMPLIANCE 10 OCT 2017.pdf

Draft Report - ICANN SSR Subgroup Meeting in LA

RECORDINGS:

•  Adobe Connect Replay
• mp3 Replay

TRANSCRIPTS:  EN

CHAT TRANSCRIPT:  EN

Meeting Summary

The ICANN SSR Subgroup had a very productive two-day, fact-finding meeting at ICANN headquarters in Los Angeles. The subgroup met with a number of ICANN staff subject matter experts and discussed a range of issues relating to the completeness and effectiveness of ICANN’s security processes and the effectiveness of the ICANN security framework (including activities connected to the SSR2 Terms of Reference and implementation of SSR1 recommendations). Topics were covered to varying degrees of detail as warranted; some topics were covered sufficiently and some will require follow-on discussions.

The subgroup reviewed, submitted questions & information requests about, and discussed early observations about:

• ICANN’s Security Framework and emerging threats
• ICANN’s Risk Management Framework
• ICANN’s Business Continuity strategies, objectives, plans and procedures
• ICANN’s operational planning and controls, and prioritized activity recovery strategy
• ICANN’s Incident Response Structure
• ICANN’s root server operations
• ICANN’s Global Domains Division activities that relate to SSR objectives, including:
  • New gTLD program SSR-related safeguards
  • Emergency Back-End Registry Operator (EBERO), and related processes, and testing
  • Registry Data Escrow (RyDE) program and Data Escrow Agents (DEA)
  • Centralized Zone Data Service (CZDS) compliance, failures, plans
  • Vetting of registrar and registry operators as relates to SSR, and measurement & impact of malicious conduct by contracted parties, databreaches, etc.
  • SLA Monitoring System (SLAM)
  • Abuse reports, including SADAG and DAAR (Statistical Analysis of DNS Abuse & Domain Abuse Activity Reporting)
  • SSR objectives in ICANN’S standard operating procedures (SOP).

Meeting Details

How Effective Are ICANN’s Internal Security, Stability, and Resiliency (SSR) Processes?  

Join members of the ‘ICANN SSR’ sub-team of volunteers from the Second Security, Stability, and Resiliency Review Team (SSR2) as they explore this question and others at their upcoming face-to-face meeting. The sub-team meeting will take place on 9 – 10 October in Los Angeles.

 At the meeting, members of the ICANN organization will brief the sub-team and answer questions on topics including:

• ICANN’s business continuity management system
• ICANN’s operation processes and services
• New generic top-level domain delegation and transition processes

 The ICANN SSR sub-team is aiming to present draft findings to the SSR2 at ICANN60 in Abu Dhabi. For more information on the ICANN SSR sub-team, visit the wiki page.

 How Can I Attend?

• Remotely: https://participate.icann.org/ssrreview-observers
• In-Person: Send an email to mssi-secretariat@icann.org with your request to register for the meeting by 23:59 UTC on 5 October. Due to a limited number of seats, you must register to attend in-person.
  
  

 Become an Observer

Community engagement is critical to a successful review. The SSR2 invites anyone interested in its work to join this review as an observer at any time throughout the course of the review. Learn how to become an observer.

Decisions Reached/Action Items/Links

Day 1 - DISCUSSION LINKS:

EBERO Announcement - https://www.icann.org/news/announcement-2-2011-09-14-en

DNS Abuse Webinars - https://newgtlds.icann.org/en/reviews/cct/dns-abuse

Domain Activity Abuse Reporting - https://www.icann.org/octo-ssr/daar

Registry Transition Process - https://www.icann.org/resources/pages/transition-processes-2013-04-22-en

Emergency Back-End Operator Agreement - https://www.icann.org/en/system/files/files/core-ebero-16aug13-en.pdf

Coordinated Vulnerability Disclosure Reporting - https://www.icann.org/en/system/files/files/vulnerability-disclosure-05aug13-en.pdf

Day 2 - DISCUSSION LINKS:

Registrar Compliance Program -  https://www.icann.org/resources/pages/registrar-2012-02-25-en

DNS Root Name Service Protocol and Deployment Requirements -  https://www.rfc-editor.org/info/rfc5322

ICANN Compliance Performance Reports - https://features.icann.org/compliance

ICANN Compliance Performance Metrics - https://features.icann.org/compliance/dashboard/report-list

Photos

SSR2 Subgroup - ICANN SSR Review Team - Los Angeles Meeting - Day 1

SSR2 Subgroup - ICANN SSR Review Team - Los Angeles Meeting - Day 2