Please find my thoughts from our discussion a few hours ago regarding "Sub Topic 4 – Future Challenges". I believe the below is limited in scope and achievable with a reasonable effort; please feel free to consider it if you think it suitable, thanks.
1-Performance security (SSR2 scope)
Issue high level recommendations towards ICANN technologies (routing, switching, computing environments, DNS related services) resources utilization (traffic, processing/power/memory utilization, ...)
To do so we need to:
-identify a list of the types of technologies used by ICANN
-recommend forecasting techniques to be used by ICANN to determine future utilization
-ICANN role in return: Recommendations need to be considered in future technological planning or architecture designs by ICANN.
2-Technology selection security (SSR2 scope)
Issue high level recommendations on:
-Vendor security technology evaluation process (how to test solutions)
-Vendor security technology selection process (how to select a solution)
-Vendor security technology implementation process (what vendors need to do when deploying solutions)
-Vendor security maintenance process (how vendors should maintain their solutions)
-Vendor responsibilities and SLAs (patching vulnerabilities, technology development/deployment)
-Vendor accountability for security problems
-ICANN role in return: Selection recommendations need to be considered in future technology selection processes employed by ICANN
3-Threat intelligence (SSR2 scope)
Issue high level recommendations on:
-The need for an ICANN threat intelligence team
-The need for ICANN to have established communication with top threat intelligence sources to know about the latest threats
-The need for adapting threat intelligence internally, to identify attacks and threats accordingly
-ICANN role in return: Threat intelligence recommendations to be adapted by ICANN towards enhancing blocking of cyber attacks, identifying causes of new breaches, and knowing about the latest threats endangering similar organizations.
NB1: Recommendations provided should be vendor/technology neutral, so as to be valid for future utilization
NB2: Issues of DDoS, route injection all fall under “Sub Topic 3 – DNS SSR” as they are issues probably currently being dealt with. What is not dealt with is how they could be used in the future, which falls under threat intelligence. I do not believe we should predict protocol misuse options through new vulnerabilities; that has an unlimited scope.
-------End-------
Regards,
Amin