[Comments-ssr2-rt-draft-report-24jan20] SSR2 comment Wolfgang Kleinwächter

[Jennifer Bryce]

Resending due to formatting issues:

"SSAC, in close cooperation with the ICANN Baord and relevant constituncies, should investigate and assess new threats for the security, stability and resilience of the DNS as result of bad behavior of state and non state actors in cyberspace and contribute - within the limit of ICANNs mission - to the intergovernmental and multistakeholder negotiations, which take place within the Open Ende Working Group (OEWG) under the 1st Committee of the UN General Assembly."

Rationale & Background

ICANN´s mission includes „to facilitate the openness, interoperability, resilience, security and/or stability of the DNS“ (1.1.a.i). According to ICANN Bylaws (1.2.a.i) ICANN has to „preserve and enhance the administration of the DNS and the operational stability, reliability, security, global interoperability, resilience, and openness of the DNS and the Internet;“

To preserve and enhance „the operational stability, reliability, security, global interoperability, resilience, and openness of the DNS and the Internet“ is an important element to keep the cyberspace as a whole safe, secure and stable. However, in recent years new threats have emerged as attacks against or abuse of the DNS, which have the potential to undermine the security and stabilty of cyberspace.

Since years, cybersecurity is an issue of intergovernmental negotiations within the UN system. The 73th UN General Assembly, in December 2018, did establish a new „Open Ended Working Group“ (OEWG) with a mandate, to contribute to enhance international security in cyberspace.  The OEWG works in parallel with the 6th Group of Governmental Experts (GGE) which has a similar mandate, but is limited to 25 member states. In contrast to the GGE, which is for governments only, the OEWG, which works under the 1st Committee of the UN General Assembly and is open to all 193 UN member states, got also mandate to hold „intersessional consultative meetings with the interested parties, namely business, non-governmental organizations and academia, to share views on the issues within the group’s mandate“.

The OEWG had its first meeting in September 2019 in New York. A first interesssional meeting took place in early December 2019 in New York. Other OEWG meetings are scheduled for February and July 2020. The OEWG has to report to the 75th UN General Assembly in October 2020. It is expected that the mandate of the OEWG will be renewed beyond 2020. The first „Informal Intersessional“ meeting in December 2019 in New York demonstrated the usefulness of a deeper interaction between governments and non-state actors from business, the technical community and civil society. Contributions from the technical community, inter alia from FIRST and the IGF BPF Cybersecurity, helped governments to develop a better understanding of the functioning of the critical Internet resources and its management.

The management of the DNS is not within the mandate of the OEWG. However, as the discussions during the first OEWG meetings have shown, there is a risk that DNS management is pulled into a controversial political discussion. New categories of attacks against the DNS – as the Sea Turtle Case – have the potential to undermine the general stability of cyberspace.

ICANN should be aware about those discussions within the UN and - within the limits of ICANN´s technical mandate - help diplomats to better understand the functioning of the DNS.

So far, the OEWG has discussed, inter alia, the following issues which could have relevance also for ICANN:

  *   Threat analysis
  *   Noms and rules for state behaviour in cyberspace
  *   Confidence building measures
  *   Capacity building measures
ICANN, within the limits of its mandate and via its Security and Stability Advisory Committee (SSAC), could make constructive contributions with regard to
a. DNS threat assessment,
b. commenting on relevant norms (as the proposed norm to protect the public core of the Internet),
c. excellent registry and registrar service, based on DNSSEC, to enhance confidence in the DNS and
d. offering technical capacity building for non-technical experts as diplomats.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/comments-ssr2-rt-draft-report-24jan20/attachments/20200302/a2ad14bb/attachment.html>