http://www.icann.org/en/announcements/announcement-24may10-en.htm

Public Comment: April 2010 DNS-CERT Operational Requirements & Collaboration Analysis

24 May 2010

ICANN is today opening a public comment period on the April 2010 DNS-CERT Operational Requirements and Collaboration Analysis Workshop Report (with Minority Statement). In advance of the ICANN Brussels meeting, ICANN is seeking comments on the potential requirements identified in the workshop report, DNS Security response gaps.

In addition, ICANN is publishing the Summary & Analysis of Comments on the Security Strategic Initiatives and Global DNS-CERT Business Case papers, and the DNS-CERT Consultation record. The consultation record is included for transparency on the formation of the DNS-CERT concept and consultations that have occurred in parallel with the public comment period on the Security Strategic Initiatives papers.

The DNS-CERT Operational Requirements and Collaboration Analysis Workshop report was prepared by Jose Nazario, Arbor Networks, Roy Arends, Nominet, and Chris Morrow, Google, and is the output from a tabletop workshop conducted 6-7 April 2010 in Washington DC. Participants identified several requirements for responding to Internet and DNS security events, many of which are under-met or ignored by existing DNS security capabilities. They are:

• A trusted communications channel, or multiple channels, for use during event response that is usable by the appropriate parties.
• Standing incident coordination and response functions, which enable consistent and professional incident handling efforts.
• Incident status tracking through to completion, with communication to the necessary parties.
• Trusted guidance on issues with knowledge and experience with the various and varied areas of Internet and DNS security. Respect of these voices by the areas of the Internet and DNS communities with which they speak is important.
• A trust broker / introduction service across traditional communities boundaries, recognizing that the community identifying threats to Internet and DNS operations is often far-flung and sometimes outside the knowledge of the Internet and DNS operator and vendor communities.
• Analysis capabilities, including data such as DNS traffic, software vulnerabilities and attack traffic, to validate incidents and identify next steps as quickly as possible.
• Institutional memory in the form of reports, recommendations, and best practices, which can inform the various Internet and DNS security communities, support future successful incident responses, and help evolve incident response capabilities.
• Outreach and education functions to share best practices for securing Internet and DNS operations, secure registration functions, implementing DNSSEC, and other key DNS and security factors.
• The ability to act quickly, and to be prepared to act with necessary resources in response to threats to the DNS of a global nature in a timely and sustained manner.
• A sensitivity to the complexity of the international nature of the DNS, understanding the capabilities and limitations of the global DNS community.

Workshop participants noted many of these functions are addressed by various groups, either standing or ad-hoc. Some participants expressed concern that only a few of the existing organizations are DNS-specific. The report includes a Minority Statement from Kathy Kleiman, Public Interest Registry, and Greg Aaron, Afilias.

Comments on the Operational Requirements and Collaboration Analysis Report submitted to dns-collab-analysis@icann.org will be considered until 2 Jul 2010 23:59 UTC. Comments may be viewed at http://forum.icann.org/lists/dns-collab-analysis/.

A consultation session will be held at the ICANN meeting in Brussels on the Security Strategic Initiatives (DNS-CERT and system-wide DNS Risk Assessment and exercises), with a date and time soon to be included in the Brussels meeting schedule.

Glen de Saint Géry

GNSO Secretariat

gnso.secretariat@gnso.icann.org

http://gnso.icann.org