[bc-gnso] Business Constituency Comments on DSSA Working Group Phase 1 Report

[Steve DelBianco]

Below are the BC comments we submitted regarding the DNS Security & Stability Analysis (DSSA) Working Group Phase 1 report.

Thanks to Scott McCormick for his excellent draft.  I worked Marilyn's comments in there before submitting.  (Link<http://forum.icann.org/lists/dssa-phase-1-report/msg00002.html> to comment view)


Subject: Business Constituency Comments on DSSA Working Group Phase 1 Report

The Business Constituency is concerned with the security and stability of the DNS, as it severely impacts our membership base.  ICANN's decisions, in particular, impact the diverse and distributed businesses whose infrastructure and services make the Internet work.

The Phase 1 report shows the effort put forward to start addressing the types of risks to the global DNS as it pertains to security and stability, and is a welcome update on the progress of the WG.  We urge the DSSA WG to continue and complete the work defined by its charter.  We look forward to a final report detailing the risks and threats to the security and stability of the DNS.

DSSA-WG Background:

The objective of the DSSA Working Group is to draw upon the collective expertise of the participating SOs and ACs, solicit expert input and advice and report to the respective participating SOs and ACs on: The actual level, frequency and severity of threats to the DNS.


This is the first of two reports from the DNS Security & Stability Analysis Working Group. The goal of this document is to bring forward the substantial work that has been completed to date and describe the work that remains. This has been in many respects a “pioneering” cross-constituency security-assessment effort that has developed knowledge and processes that others will hopefully find helpful and can be reused in the future.


The DSSA has:

  *   Established a cross-constituency working group and put the organizational framework to manage that group in place
  *   Clarified the system, organizational and functional scope of the effort
  *   Developed an approach to handling confidential information, should such information be required for certain assessments
  *   Selected and tailored a risk-assessment methodology to structure the work
  *   Developed and tested mechanisms to rapidly collect and consolidate risk-assessment scenarios across and broad and diverse group of interested participants
  *   Used an “alpha-test” of those systems to develop the high-level risk-scenarios in this report. Those scenarios will serve as the starting point for the remainder of the effort.

Work that remains:

  *   Perform a proof of concept to refine and streamline the methodology on one broad risk-scenario topic with the goal of reducing cycle time and making it more accessible to a broader community

  *   Roll the methodology out to progressively broader groups of participants to introduce the methodology to the community and further improve the process and tools on the way to completing the assessment.

  *   It is essential that this work involve businesses beyond ICANN's contracted parties, although such broad engagement is not sufficiently evident at this point.  Outreach should be expanded to the non-contracted parties who support Internet infrastructure and services.

Rapportuer for these comments: Scott McCormick

Submitted by:  Steve DelBianco, vice chair for policy coordination, Business Constituency


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/bc-gnso/attachments/20121024/18b80868/attachment.html>