Difference between revisions of "Second Security, Stability, and Resiliency Review"

From ICANNWiki
Jump to navigation Jump to search
Line 17: Line 17:
 
The call for volunteer applications was posted in June of 2016.<ref name="dashboard" /> The deadline for applications was extended, in part because the [[ICANN Board]] had adopted amendments to the organization's bylaws, some of which affected the selection process for specific reviews such as the SSR.<ref>[https://www.icann.org/en/announcements/details/application-for-the-second-security-stability-and-resiliency-ssr-2-review-team-12-8-2016-en ICANN.org - Application Deadline Extended for SSR2], August 12, 2016</ref> Team selection was delayed until February 2017<ref name="dashboard" />
 
The call for volunteer applications was posted in June of 2016.<ref name="dashboard" /> The deadline for applications was extended, in part because the [[ICANN Board]] had adopted amendments to the organization's bylaws, some of which affected the selection process for specific reviews such as the SSR.<ref>[https://www.icann.org/en/announcements/details/application-for-the-second-security-stability-and-resiliency-ssr-2-review-team-12-8-2016-en ICANN.org - Application Deadline Extended for SSR2], August 12, 2016</ref> Team selection was delayed until February 2017<ref name="dashboard" />
  
The team submitted its Terms of Reference (ToR) on May 11, 2017.<ref>[https://community.icann.org/display/SSR/Correspondence SSR2 Workspace - Correspondence]</ref><ref>[https://community.icann.org/display/SSR/Terms+of+Reference?preview=/64076120/64948210/SSR2-TermsofReference-CLEAN%20v4.0%20ET.docx Terms of Reference, SSR2], May 11, 2017 (Word document)</ref> In June, the Board responded to the review team, noting that the Terms of Reference "in general must provide a clear articulation of work to be done and a basis for how the success of the project will be measured," and expressing some concerns regarding the clarity of the ToR and work objectives.<ref>[https://mm.icann.org/pipermail/ssr2-review/attachments/20170623/d33ead7b/Boardresponse-SSR2TermsofReference-June2017.pdf Board Response to SSR2 Terms of Reference], June 23, 2017</ref>
+
The team submitted its Terms of Reference (ToR) on May 11, 2017.<ref>[https://community.icann.org/display/SSR/Correspondence SSR2 Workspace - Correspondence]</ref><ref>[https://community.icann.org/display/SSR/Terms+of+Reference?preview=/64076120/64948210/SSR2-TermsofReference-CLEAN%20v4.0%20ET.docx Terms of Reference, SSR2], May 11, 2017 (Word document)</ref> In June, the Board responded to the review team, noting that the Terms of Reference "in general must provide a clear articulation of work to be done and a basis for how the success of the project will be measured," and expressing some concerns regarding the clarity of the ToR and work objectives.<ref>[https://mm.icann.org/pipermail/ssr2-review/attachments/20170623/d33ead7b/Boardresponse-SSR2TermsofReference-June2017.pdf Board Response to SSR2 Terms of Reference], June 23, 2017</ref> Work continued within the review team and on the listserv, particularly with regard to formulating and refining the team's work plan. However, no formal response issued regarding the board's concerns.
 +
 
 +
In October 2017, the [[SSAC]] submitted a letter to the ICANN Board, advocating for a pause in SSR2 and arguing that the "current approach, if continued without significant change, will ultimately result in a report that does not have the quality expected by the ICANN Community."<ref>[https://www.icann.org/en/system/files/correspondence/faltstrom-to-icann-board-03oct17-en.pdf ICANN.org - Faltstrom letter to ICANN Board], October 3, 2017</ref> In the same month, the Board sent objections regarding the scope of the still-evolving work plan, specifically the work of Subgroup 2 and the proposal to conduct a full review of ICANN's internal operational security.<ref>[https://mm.icann.org/pipermail/ssr2-review/2017-October/000631.html ICANN.org Listserv Archive - Board Letter regarding Subgroup 2's scope], October 3, 2017</ref> Within the review team, reactions were mixed to both letters. A proposed response regarding a planned Los Angeles on-site for Subgroup 2 On October 10-11 (one week from receipt of the letter addressing scope concerns) was not able to obtain consensus, particularly from SSAC-affiliated members of the review team.<ref>[https://mm.icann.org/pipermail/ssr2-review/2017-October/000644.html ICANN Listserv Archive - Email Replying to the Board], October 5 2017 (and subsequent replies)</ref>
 +
 
 +
In the intervening days, chairs of other SOs and ACs also reported concerns regarding the direction of the SSR2 review. As a result, on October 28, 2017, the board sent a letter to the review team instructing them to pause all work until meetings could be held between the chairs of the SOs and ACs and board members at [[ICANN 60]].<ref name="pause">[https://www.icann.org/en/system/files/correspondence/crocker-to-ssr2-28oct17-en.pdf ICANN.org - Letter from Steve Crocker to SSR2], October 28, 2017</ref> The letter reads in part:
 +
<blockquote>In light of the importance of this effort, the concerns being expressed, and the resources devoted to date, we believe that it is imperative that the community assure itself that the SSR2 is appropriately composed and structured to achieve its purpose. Accordingly, the Board will be meeting with SO/AC Chairs, the SSR2 Review Team, and the community on this topic throughout ICANN 60, and following the meeting will formally ask the SOs and ACs to consider whether they believe there is a need to adjust the scope, terms of reference, work plan, skill set and/or resources allocated to SSR2.
 +
 
 +
Without prejudging the answer to those questions, the Board considers that the most responsible course is to suspend the review team’s work pending responses from the SOs and ACs.<ref name="pause" /></blockquote>
 +
 
 +
The SSR2 team met with SOs and ACs over the course of ICANN 60, as well as the board.<ref>[https://community.icann.org/display/SSR/ICANN60+%7C+Abu+Dhabi SSR2 Workspace - ICANN 60 Meetings]</ref> In the aftermath of the meeting between SSR2 and the board, there was a brief discussion between the board and chairs of the SOs and ACs regarding next steps.<ref name="caucus">[https://community.icann.org/display/SSR/Meeting+with+ICANN+Board+-+ICANN60?preview=/74580437/74582377/2017-11-02%20Joint%20Meeting%20-%20SSR2%20Discussion%20-%20Board%20and%20Community%20Leadership.pdf SSR2 Workspace - Meeting with Board Caucus & Community Leadership], November 2, 2017</ref> The result of those meetings was that the SOs and ACs would "do what needed to be done" to correct the trajectory of the review process. There was acknowledgement that there was no existing process for a situation like this, and apologies to chairs and review team members alike regarding potential board or staff contributions to the impasse.<ref name="caucus" /> The project remained on hold for the SOs and ACs to establish a plan.
 +
 
 +
In December 2017, the SOs and ACs sent a letter and questionnaire to the SSR2 review team.<ref name="prelim"> [https://www.icann.org/en/system/files/correspondence/soac-to-ssr2-21dec17-en.pdf ICANN.org - SO/AC Letter to SSR2], December 21, 2017</ref>  
  
 
==References==
 
==References==
 
{{reflist}}
 
{{reflist}}
 
__NOTOC__
 
__NOTOC__

Revision as of 19:58, 25 May 2021

The Second Security, Stability, and Resiliency Review (SSR2) was initiated in June 2016. The review team's final report was submitted to the ICANN Board in January 2021.[1] As of May 2021, the report is awaiting board action.[1]

Background

The Affirmation of Commitments, an agreement between ICANN and the United States Department of Commerce, establishes ICANN's obligations to perform its duties with specific commitments in mind. All of the commitments bear on public and consumer trust of the organization. ICANN is to perform its functions in a manner that:

  • ensures accountability and transparency of decision-making;
  • preserves the security, stability, and resiliency of the DNS;
  • promotes competition, consumer trust, and consumer choice; and
  • enables access to registration data.

ICANN is also charged to periodically review and assess its performance through the lens of each of the above commitments.[2]

ICANN's board enshrined these commitments (and the associated reviews) in its Bylaws in Article 1 (Mission, Commitments, and Core Values)[3] and in Article 4 (Accountability and Review).[4] Article 4.6 deals with "Specific Reviews," each of which are tied to one of the commitments in the Affirmation of Commitments.[5]

The Organizational Effectiveness Committee of the board oversees the conduct of specific reviews.[6] The SSR is one such review. The Bylaws mandate that the review team include independent experts in the field of networking security and stability.[5] The Bylaws also call for SSR reviews to begin no later than five years after the completion of the prior review.[5]

Initiation, Delays, and Restarts

The call for volunteer applications was posted in June of 2016.[1] The deadline for applications was extended, in part because the ICANN Board had adopted amendments to the organization's bylaws, some of which affected the selection process for specific reviews such as the SSR.[7] Team selection was delayed until February 2017[1]

The team submitted its Terms of Reference (ToR) on May 11, 2017.[8][9] In June, the Board responded to the review team, noting that the Terms of Reference "in general must provide a clear articulation of work to be done and a basis for how the success of the project will be measured," and expressing some concerns regarding the clarity of the ToR and work objectives.[10] Work continued within the review team and on the listserv, particularly with regard to formulating and refining the team's work plan. However, no formal response issued regarding the board's concerns.

In October 2017, the SSAC submitted a letter to the ICANN Board, advocating for a pause in SSR2 and arguing that the "current approach, if continued without significant change, will ultimately result in a report that does not have the quality expected by the ICANN Community."[11] In the same month, the Board sent objections regarding the scope of the still-evolving work plan, specifically the work of Subgroup 2 and the proposal to conduct a full review of ICANN's internal operational security.[12] Within the review team, reactions were mixed to both letters. A proposed response regarding a planned Los Angeles on-site for Subgroup 2 On October 10-11 (one week from receipt of the letter addressing scope concerns) was not able to obtain consensus, particularly from SSAC-affiliated members of the review team.[13]

In the intervening days, chairs of other SOs and ACs also reported concerns regarding the direction of the SSR2 review. As a result, on October 28, 2017, the board sent a letter to the review team instructing them to pause all work until meetings could be held between the chairs of the SOs and ACs and board members at ICANN 60.[14] The letter reads in part:

In light of the importance of this effort, the concerns being expressed, and the resources devoted to date, we believe that it is imperative that the community assure itself that the SSR2 is appropriately composed and structured to achieve its purpose. Accordingly, the Board will be meeting with SO/AC Chairs, the SSR2 Review Team, and the community on this topic throughout ICANN 60, and following the meeting will formally ask the SOs and ACs to consider whether they believe there is a need to adjust the scope, terms of reference, work plan, skill set and/or resources allocated to SSR2. Without prejudging the answer to those questions, the Board considers that the most responsible course is to suspend the review team’s work pending responses from the SOs and ACs.[14]

The SSR2 team met with SOs and ACs over the course of ICANN 60, as well as the board.[15] In the aftermath of the meeting between SSR2 and the board, there was a brief discussion between the board and chairs of the SOs and ACs regarding next steps.[16] The result of those meetings was that the SOs and ACs would "do what needed to be done" to correct the trajectory of the review process. There was acknowledgement that there was no existing process for a situation like this, and apologies to chairs and review team members alike regarding potential board or staff contributions to the impasse.[16] The project remained on hold for the SOs and ACs to establish a plan.

In December 2017, the SOs and ACs sent a letter and questionnaire to the SSR2 review team.[17]

References

  1. 1.0 1.1 1.2 1.3 ICANN.org - SSR Dashboard
  2. ICANN.org - Affirmation of Commitments, September 30, 2009
  3. ICANN Bylaws, Article 1
  4. ICANN Bylaws, Article 4
  5. 5.0 5.1 5.2 ICANN Bylaws, Article 4.6
  6. ICANN.org - Organizational Effectiveness Committee
  7. ICANN.org - Application Deadline Extended for SSR2, August 12, 2016
  8. SSR2 Workspace - Correspondence
  9. Terms of Reference, SSR2, May 11, 2017 (Word document)
  10. Board Response to SSR2 Terms of Reference, June 23, 2017
  11. ICANN.org - Faltstrom letter to ICANN Board, October 3, 2017
  12. ICANN.org Listserv Archive - Board Letter regarding Subgroup 2's scope, October 3, 2017
  13. ICANN Listserv Archive - Email Replying to the Board, October 5 2017 (and subsequent replies)
  14. 14.0 14.1 ICANN.org - Letter from Steve Crocker to SSR2, October 28, 2017
  15. SSR2 Workspace - ICANN 60 Meetings
  16. 16.0 16.1 SSR2 Workspace - Meeting with Board Caucus & Community Leadership, November 2, 2017
  17. ICANN.org - SO/AC Letter to SSR2, December 21, 2017
Retrieved from "https://icannwiki.org/index.php?title=Second_Security,_Stability,_and_Resiliency_Review&oldid=1316453"