Second Security, Stability, and Resiliency (SSR2) Review Team Final Report
28 January 2021 23:59 UTC
8 April 2021 23:59 UTC
Staff Report Due
10 May 2021 23:59 UTC
Purpose: On 25 January 2021, the second Security, Stability, and Resiliency (SSR2) Review Team submitted its final report to the ICANN Board. This Public Comment proceeding aims to gather community input on the final report.
Current Status: The SSR2 Review Team Final Report is issued for Public Comment to inform Board action on the SSR2 Review Team's final recommendations.
Next Steps: Per the ICANN Bylaws (Section 4.6(a)(vii)(C)), the Board shall consider the SSR2 Review Team Final Report within six months of receipt of the final report, i.e. by 25 July 2021.
The SSR2 Review Team will host a webinar on 11 February 2021 at 15:00 UTC to brief the community on its final recommendations. Please see the wiki page for webinar details.
The Board will consider the Public Comment submissions received as well as a feasibility analysis and impact assessment of the implementation of recommendations, which will take into account initial cost and resource estimates and dependencies with other ongoing efforts within the community. The Board will then direct implementation of the recommendations that were approved subject to planning, scheduling, and prioritization, and provide written rationale for any recommendations that are not approved.
Section I: Description and Explanation
On 25 January 2021 the second Security, Stability, and Resiliency (SSR2) Review Team submitted its final report to the ICANN Board.
The SSR Review is a Specific Review mandated by ICANN's Bylaws (Article 4, Section 4.6) to review "ICANN's execution of its commitment to enhance the operational stability, reliability, resiliency, security, and global interoperability of the systems and processes, both internal and external, that directly affect and/or are affected by the Internet's system of unique identifiers that ICANN coordinates." Specific Reviews are crucial to the legitimacy and accountability of ICANN. Specific Reviews serve as ICANN's progress report to the world and demonstrate how ICANN delivers on its commitments and identifies areas where it can improve. Specific Reviews are conducted by members of the stakeholder community who look at past processes, actions, and outcomes in order to make recommendations to improve future performance.
The SSR2 Review Team Final Report contains 63 full consensus recommendations in the following areas:
- SSR1 implementation and intended effects;
- Key stability issues within ICANN;
- Contracts, compliance, and transparency around Domain Name System (DNS) abuse; and
- Additional SSR-related concerns regarding the global DNS.
The SSR2 Review Team considered comments received on its draft report and amended its report as it deemed appropriate. Appendix H of the SSR2 Final Report contains the SSR2 Review Team's response to the public comments.
Section II: Background
On 14 February 2017, ICANN announced the selection of a 16-member team to conduct the second Security, Stability, and Resiliency (SSR2) Review. The SSR2 Review Team held its first meeting on 2 March 2017.
On 28 October 2017, the ICANN Board, in consideration of concerns received, suspended the SSR2 Review Team's work, pending input from ICANN's Supporting Organizations (SOs) and Advisory Committees (ACs) on any need to adjust the scope, terms of reference, work plan, skill set and/or resources allocated to SSR2. The suspension generated a dialogue among the SO/AC chairs and ICANN Board and led to a request for additional membership on the review team and the engagement of an external facilitator to assist the review team in resolving issues of scope, membership, and other concerns as raised (see 15 February 2018 and 13 March 2018 correspondence for more information). On 7 June 2018, ICANN announced the formal restart of the SSR2 Review Team.
On 24 January 2020, the SSR2 Review Team published its draft report for Public Comment. The SSR2 Review Team received eighteen comments on its draft report, as documented in the Public Comment staff report.
Per the Bylaws, the issues that an SSR review team may assess are the following:
"(A) security, operational stability and resiliency matters, both physical and network, relating to the coordination of the Internet's system of unique identifiers;
(B) conformance with appropriate security contingency planning framework for the Internet's system of unique identifiers; and
(C) maintaining clear and globally interoperable security processes for those portions of the Internet's system of unique identifiers that ICANN coordinates.
(iii) The SSR Review Team shall also assess the extent to which ICANN has successfully implemented its security efforts, the effectiveness of the security efforts to deal with actual and potential challenges and threats to the security and stability of the DNS, and the extent to which the security efforts are sufficiently robust to meet future challenges and threats to the security, stability and resiliency of the DNS, consistent with ICANN's Mission.
(iv) The SSR Review Team shall also assess the extent to which prior SSR Review recommendations have been implemented and the extent to which implementation of such recommendations has resulted in the intended effect."
Section III: Relevant Resources
Section IV: Additional Information
- SSR2 Draft Report Public Comment Proceeding: https://www.icann.org/public-comments/ssr2-rt-draft-report-2020-01-24-en.
- SSR2 wiki space: https://community.icann.org/x/AE6AAw.
- Security, Stability, and Resiliency Review page on icann.org: https://www.icann.org/resources/reviews/specific-reviews/ssr.
- Final Report of the first Security, Stability, and Resiliency of the DNS Review Team (SSR1): https://www.icann.org/en/system/files/files/final-report-20jun12-en.pdf.
- SSR1 Review implementation wiki page: https://community.icann.org/x/tYdCAw.
Report of Public Comments