Dear Protocol Council Members, Please, find below the note of Mr. S. Lynn concerning the Meeting on Security. Best regards, Vladimir -----Original Message----- From: M. Stuart Lynn [mailto:lynn@icann.org] Sent: Wednesday, October 03, 2001 12:13 AM To: council@dnso.org; ac-coord@aso.icann.org; Vladimir Androuchko for PSO Council; ASO Address Council coordination list; Donna Austin for GAC distribution Subject: Security meeting - more details Dear colleagues: The meeting on security is beginning to shape up although it will be several days yet before we can fill in the details. A program committee is being formed to define the agenda and invite speakers. We will provide details as they become available. In the meantime, your suggestions for how to make the agenda as meaningful to you as possible would be welcome, as well as your suggestions for invited speakers. The overall purposes of the program - beyond those stated in previous announcement - are to educate, to enhance awareness, to assess security and readiness in the broadest terms, and to launch continuing efforts to assess and improve security and readiness across the scope of ICANN's activities and communities. In large part, this will be a bottom-up process of analysis and development of processes and recommendations, culminating is presentations to be made by Councils and Advisory Committees to the Board on the final day. To make it a little clearer, by "security" I mean security primarily of DNS services and the entities that provide them, including both protection against potential threats and the ability to recover from actual serious failures. This includes practices such as site security, network security, data backup and escrow, recovery procedures and processes, management and personnel practices, etc. In addition, we need to become informed about the status of improved technical standards, such as DNSSEC, and other technical issues that apply to the broader context of the DNS. I am sure most DNS service providers take these matters very seriously and work hard to keep their systems and networks secure; the November discussions will proceed on the assumption that there is always room for self-assessment, dialogue, and improvement. Here is how we are currently envisioning the meeting program (subject to further input and refinement). In very rough outline (more later) the meeting would open with a series of plenary orientation talks and panels focusing on both management and technical security issues, and what are the dangers of neglecting these issues. One emphasis would be that security and recovery are as much management issues as technical, and that many (if not most) failures can be attributed to lack of management attention. These orientation sessions would lay out a common framework for the rest of the meeting.They would be followed by a series of facilitated small workshops (everyone participates) that will focus on self-assessment (not for distribution) and tease out issues, ideas, and recommendations through group discussion and mutual education. These outputs would in turn feed into meetings of ICANN constituencies and other component organizations to develop recommendations for future actions, processes, policies etc for future constituency action and consideration, or that would be "synthesized" by Councils along with other recommendations for reporting to the Board the following day. There will be other tracks that would focus on specific technical or other questions that need to be discussed. Incidentally, the reports to the Board would be followed by some open mike time on security, to be followed by a Board discussion of what it has heard. After lunch, there will be separate open mike time for general issues followed by a regular Board meeting for issues that have to be considered (because "time is of the essence"). As previously indicated, November 12 is available for other constituency/Council/advisory committee meetings for other business. On the evening of the 12th, however, a Public Forum will be scheduled for a report by the At Large Study Committee followed by discussion in the usual format. The above is an outline. Within that outline are many details to be nailed down over the coming days and weeks. The meeting will only be as successful as you make it, so your thoughts will be greatly appreciated. Please send your ideas and comments to meeting@icann.org from where they will be distributed efficiently to all the people planning the meeting - or to me directly (but, sadly, I am less efficient!). With regards Stuart -- __________________ Stuart Lynn President and CEO ICANN 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292 Tel: 310-823-9358 Fax: 310-823-8649 Email: lynn@icann.org