[council] Public Comment: April 2010 DNS-CERT Operational Requirements & Collaboration Analysis

[Glen de Saint Géry <Glen@xxxxxxxxx>]

http://www.icann.org/en/announcements/announcement-24may10-en.htm

Public Comment: April 2010 DNS-CERT Operational Requirements & Collaboration 
Analysis

24 May 2010

ICANN is today opening a public comment period on the April 2010 DNS-CERT 
Operational Requirements and Collaboration Analysis Workshop 
Report<http://www.icann.org/en/topics/ssr/dns-cert-collaboration-analysis-24may10-en.pdf>
 (with Minority Statement). In advance of the ICANN Brussels meeting, ICANN is 
seeking comments on the potential requirements identified in the workshop 
report, DNS Security response gaps.

In addition, ICANN is publishing the Summary & Analysis of Comments on the 
Security Strategic Initiatives and Global DNS-CERT Business Case 
papers<http://www.icann.org/en/public-comment/summary-analysis-strategic-ssr-initiatives-and-dns-cert-business-case-24may10-en.pdf>,
 and the DNS-CERT Consultation 
record<http://www.icann.org/en/topics/ssr/dns-cert-consultation-record-24may10-en.pdf>.
 The consultation record is included for transparency on the formation of the 
DNS-CERT concept and consultations that have occurred in parallel with the 
public comment period on the Security Strategic Initiatives papers.

The DNS-CERT Operational Requirements and Collaboration Analysis Workshop 
report was prepared by Jose Nazario, Arbor Networks, Roy Arends, Nominet, and 
Chris Morrow, Google, and is the output from a tabletop workshop conducted 6-7 
April 2010 in Washington DC. Participants identified several requirements for 
responding to Internet and DNS security events, many of which are under-met or 
ignored by existing DNS security capabilities. They are:

 *   A trusted communications channel, or multiple channels, for use during 
event response that is usable by the appropriate parties.
 *   Standing incident coordination and response functions, which enable 
consistent and professional incident handling efforts.
 *   Incident status tracking through to completion, with communication to the 
necessary parties.
 *   Trusted guidance on issues with knowledge and experience with the various 
and varied areas of Internet and DNS security. Respect of these voices by the 
areas of the Internet and DNS communities with which they speak is important.
 *   A trust broker / introduction service across traditional communities 
boundaries, recognizing that the community identifying threats to Internet and 
DNS operations is often far-flung and sometimes outside the knowledge of the 
Internet and DNS operator and vendor communities.
 *   Analysis capabilities, including data such as DNS traffic, software 
vulnerabilities and attack traffic, to validate incidents and identify next 
steps as quickly as possible.
 *   Institutional memory in the form of reports, recommendations, and best 
practices, which can inform the various Internet and DNS security communities, 
support future successful incident responses, and help evolve incident response 
capabilities.
 *   Outreach and education functions to share best practices for securing 
Internet and DNS operations, secure registration functions, implementing 
DNSSEC, and other key DNS and security factors.
 *   The ability to act quickly, and to be prepared to act with necessary 
resources in response to threats to the DNS of a global nature in a timely and 
sustained manner.
 *   A sensitivity to the complexity of the international nature of the DNS, 
understanding the capabilities and limitations of the global DNS community.

Workshop participants noted many of these functions are addressed by various 
groups, either standing or ad-hoc. Some participants expressed concern that 
only a few of the existing organizations are DNS-specific. The report includes 
a Minority 
Statement<http://www.icann.org/en/topics/ssr/dns-cert-collaboration-analysis-minority-statement-18may10-en.pdf>
 from Kathy Kleiman, Public Interest Registry, and Greg Aaron, Afilias.

Comments on the Operational Requirements and Collaboration Analysis Report 
submitted to 
dns-collab-analysis@xxxxxxxxx<mailto:dns-collab-analysis@xxxxxxxxx> will be 
considered until 2 Jul 2010 23:59 UTC. Comments may be viewed at 
http://forum.icann.org/lists/dns-collab-analysis/.<http://forum.icann.org/lists/dns-collab-analysis/>

A consultation session will be held at the ICANN meeting in Brussels on the 
Security Strategic Initiatives (DNS-CERT and system-wide DNS Risk Assessment 
and exercises), with a date and time soon to be included in the Brussels 
meeting schedule.

Glen de Saint Géry

GNSO Secretariat

gnso.secretariat@xxxxxxxxxxxxxx<mailto:gnso.secretariat@xxxxxxxxxxxxxx>

http://gnso.icann.org