Approved Board Resolutions | Special Meeting of the ICANN Board 17 December 2020

  1. Consent Agenda:
    1. Appointment of Root Server System Advisory Committee (RSSAC) Chair
    2. Security and Stability Advisory Committee (SSAC) Member Appointments
    3. Contingency Plans for 2021 Key Signing Key Ceremonies
    4. Change to Credit Card Payments Processing Service Agreement
  2. Main Agenda:
    1. 2020 Strategic Outlook Trends Report
    2. ICANN Organization Risk Appetite Statement
    3. Afilias Change of Control Approval Request
    4. AOB
  3. Executive Session:
    1. President and CEO At-Risk Compensation for First Half of FY21

 

  1. Consent Agenda:

    1. Appointment of Root Server System Advisory Committee (RSSAC) Chair

      Whereas, the ICANN Bylaws call for the establishment of the Root Server System Advisory Committee (RSSAC) with the role to advise the ICANN community and ICANN Board of Directors on matters relating to the operation, administration, security, and integrity of the Internet's Root Server System.

      Whereas, the ICANN Bylaws call for the RSSAC to be led by a chair appointed by the ICANN Board of Directors.

      Whereas, the RSSAC went through a 30-day nomination period for the RSSAC chair election process.

      Whereas, Fred Baker was the only candidate and was re-elected by acclamation on 1 December 2020.

      Whereas, the RSSAC has recommended to the ICANN Board of Directors the appointment of Fred Baker as the RSSAC chair.

      Resolved (2020.12.17.01), the ICANN Board of Directors appoints Fred Baker as the RSSAC chair through 31 December 2022.

      Rationale for Resolution 2020.12.17.01

      In September 2019, the ICANN Board of Directors approved a Bylaws amendment pertaining to the RSSAC leadership. As a result, the RSSAC leadership composition transitioned from two co-chairs to a chair and a vice chair. The current term for the RSSAC chair Fred Baker expires 31 December 2020.

      The appointment of the RSSAC chair is not anticipated to have any fiscal impact on the ICANN organization that has not already been accounted for in the budgeted resources necessary for ongoing support of the RSSAC.

      This resolution is an organizational administrative function for which no public comment is required. The appointment of the RSSAC chair contributes to the commitment of the ICANN organization to strengthen the security, stability, and resiliency of the DNS in the public interest and in accordance with ICANN's mission.

    2. Security and Stability Advisory Committee (SSAC) Member Appointments

      Whereas, the ICANN Bylaws set out three-year terms for SSAC members, and require the SSAC, through its internal processes, to make recommendations to the ICANN Board for appointment to those terms.

      Whereas, in November 2020 the SSAC Membership Committee initiated an annual review of two SSAC members whose terms are ending 31 December 2020 and submitted to the SSAC its recommendations for reappointments in December 2020.

      Whereas, on 14 December 2020, the SSAC members approved the reappointments.

      Whereas, the SSAC recommends that the Board reappoint the following SSAC members to three-year terms: Tim April and Andrei Kolesnikov.

      Whereas, the SSAC Membership Committee, on behalf of the SSAC, recommends that the Board should appoint Matthew Thomas to the SSAC for a three-year term beginning on 01 January 2021 and ending on 31 December 2023.

      Resolved (2020.12.17.02), the Board accepts the recommendation of the SSAC and reappoints the following SSAC members to three-year terms beginning 01 January 2021 and ending 31 December 2023: Tim April and Andrei Kolesnikov.

      Resolved (2020.12.17.03), the Board accepts the recommendation of the SSAC and appoints Matthew Thomas to the SSAC for a three-year term beginning 01 January 2021 and ending on 31 December 2023.

      Rationale for Resolutions 2020.12.17.02 – 2020.12.17.03

      The SSAC is a diverse group of individuals whose expertise in specific subject matters enables the SSAC to fulfill its role and execute its mission. Since its inception, the SSAC has invited to its membership individuals with deep knowledge and experience in technical and security areas that are critical to the security and stability of the Internet's naming and address allocation systems.

      The SSAC's continued operation as a competent body is dependent on the accumulation of talented subject matter experts who have consented to volunteer their time and energies to the execution of the SSAC mission.

      This resolution is an organizational administrative function for which no public comment is required. The appointment of SSAC members is in the public interest and in furtherance of ICANN's mission as it contributes to the commitment of ICANN to strengthen the security, stability, and resiliency of the DNS.

    3. Contingency Plans for 2021 Key Signing Key Ceremonies

      Whereas, ICANN, through its affiliate PTI, must regularly generate cryptographic signatures that allow the root zone to be properly authenticated using DNSSEC. This work is currently performed every three months using "key signing ceremonies" involving trusted community representatives from throughout the world, governed by the DNSSEC Practice Statement.

      Whereas, in April 2020, the Board resolved to authorize contingency plans to hold these ceremonies in a modified format in response to the challenges posed by the COVID-19 pandemic.

      Whereas, the COVID-19 pandemic continues to challenge ICANN's ability to perform the key ceremonies according to policy, due to global travel restrictions and guidance from governments and health authorities to limit gatherings of people.

      Resolved (2020.12.17.04), the Board finds the contingency plans continue to be in the best interests of ICANN and in the global public interest, and authorizes the President and CEO, or his designee(s), in consultation with the PTI President, to take all necessary steps to perform the key signing ceremonies as provided in the contingency plans during 2021.

      Rationale for Resolution 2020.12.17.04

      1. Introduction

        The Root Zone Key Signing Key (Root KSK) is managed using a system that deliberately disperses a number of trusted roles both logically and geographically as a security measure that is designed to reduce risk of collusion between parties to perform unplanned activity. In normal operations, many of these trusted role-players need to converge at one of two ICANN-managed sites (key management facilities, or KMFs) to perform "ceremonies" where each performs their role to perform essential KSK procedures, typically once every three months.

        Due to the Coronavirus pandemic, ICANN org staff's mobility has been curtailed and other companies that supply these trusted roles have enacted similar policies. Further, governments have implemented travel restrictions that have a similar effect of reducing mobility. There is a significant risk that these factors continue to impede the ability to hold key signing ceremonies in a normal manner. Without effective contingency plans, the inability to perform successful KSK operations would ultimately mean a widespread catastrophic failure of the DNS.

      2. Board Remit

        The Board's action on this matter is in line with the decision it took in April 2020 at the beginning of the pandemic. This resolution seeks to extend the contingency plans beyond the period originally envisaged.

      3. Proposal

        The Board's action today is to authorize the ICANN President and CEO, in consultation with the PTI President, to continue to take all necessary steps to perform the key signing ceremonies as outlined in the following contingency plans. The ceremony management approach in the contingency plans continues to adapt ceremony operations to facilitate maximum safe participation and deciding upon alternatives where participation is not possible. It also provides for additional operational resiliency by performing signing operations for additional calendar quarters until ceremony operations can safely resume in their normal format.

        The associated procedures and policies allow for operations in this format following adjustments adopted by ICANN's Policy Management Authority on 6 April 2020. In particular, the DNSSEC Practice Statement [1] (DPS) formally governs how KSK management is performed, and has been revised to allow for implementation of the presented options following proper authorization by management.

        3.1 KSK Ceremony 42 (2021Q1)

        Staff has taken lessons learned from planning and conducting KSK Ceremony 41, improved details based upon community feedback, and proposes to perform KSK Ceremony 42 in a similar manner which satisfies the broader Internet community and our DPS requirements. The ceremony would be held in the first quarter of 2021, with prospective attendees to be polled on the precise date upon adoption of this resolution.

        3.1.1 Graduated set of options for ceremony performance

        As with the 41st KSK ceremony held in April 2020, the final configuration of the ceremony will be held based on an assessment of the viability of a graduated set of options. These options provide for alternate mixes of personnel based on the nature of the restrictions around the time the ceremony is due to be held. In all cases, the ceremonies continue to be held in a public and transparent manner, with the ability for community members to participate remotely to assure confidence in how the ceremony is conducted. Compensative controls are effectively implemented to provide assurances regarding the custody of all secure elements used in the ceremony.

        3.1.2 Signing for additional calendar quarters

        The coronavirus pandemic is expected to continue to significantly impact operations well into 2021. To limit the impact on the ability to hold quarterly key ceremonies, the plan again provides for generating signatures for an extended nine month period. This relieves the need to hold a subsequent key signing ceremony until the fourth quarter of 2021.

        3.2 KSK Ceremony 43 (2021Q4)

        A successfully held ceremony in the first quarter of 2021, which generates nine months of signatures, would require the subsequent key ceremony to be held in the fourth quarter of 2021.

        Staff will continue to monitor the pandemic and prepare for all possible scenarios for this ceremony in accordance with the graduated approach. Should widespread vaccination programs prove to be successful, and international travel limitations be relaxed, it is conceivable a late-2021 ceremony could be conducted in its normal format with international in-person participation.

      4. Stakeholder Consultation

        The original contingency plan was developed in early 2020 through wide community engagement, including expected ceremony participants, the third-party auditor, the root zone maintainer, the vendors that support the key ceremony, the trusted community representatives and former ceremony attendees, ICANN's Root Zone Evolution Review Committee, and a number of relevant industry mailing lists. Subsequent to the April 2020 ceremony, the feedback received was universally positive that the modified format met the objectives and retained community trust in KSK management.

        Many of these same parties have been apprised of our intention to extend the contingency plan into 2021 and have supported these efforts.

      5. Fiscal Impact

        This proposal is not anticipated to have a material fiscal impact beyond normal operational costs associated with KSK management.

      6. Public Consultation Requirements

        This matter relates to IANA Naming Functions operations, performed by PTI under contract from ICANN. Procedures that are used in KSK operations must be approved by the Policy Management Authority, an internal ICANN Org committee. There is no formal public comment requirement; however, IANA staff will continue to consult with the trusted community representatives and other stakeholders to implement and adapt these plans.

      7. Public Interest

        The Board's action is within the public interest and within ICANN's mission as it will help to continue to ensure the stable and secure operation of the Internet's unique identifier systems. The inability to conduct key signing ceremonies in a timely manner would result in widespread DNS resolution failure globally as DNSSEC would cease to function. The Board's action will help ensure that DNSSEC-enabled devices will be able to resolve any domain names.

      8. Key Risks

        The following risk considerations were factored into the Board's deliberations on this action.

        8.1 Travel of attendees is interrupted

        The primary risk that this plan is designed to address is the inability of attendees to safely attend the key ceremony. The suggested mitigation is the graduated approach to different options to hold the ceremony, up to and including holding a ceremony only with staff in the Los Angeles metropolitan area, that will not require air or interstate travel, and with safety precautions for the individual attendees.

        8.2 Facility operator suspends access to facility

        The company that provides the facilities in which the KMFs are based may suspend access as part of their response to the pandemic. The suggested mitigation would be to advocate to their senior management, through trusted proxies if necessary, to make an exception given the requirement to hold this ceremony to support critical Internet infrastructure and Internet operation. ICANN has been in discussion with the local and national authorities about issuance of special guidance should it be necessary to retain the access needed to perform the key ceremony.

        8.3 Government suspends access to the facility, and/or constrains travel

        Governments at different levels may impose restrictions on travel or gatherings that impede the ability to hold the ceremony. ICANN can advocate for exceptions to be made through the appropriate channels, as described in the previous section, noting the requirement to hold this ceremony to support critical Internet infrastructure and Internet operation. In particular, ICANN has existing relationships with governments that can be used to seek such exemptions.

        8.4 Staff become ill or otherwise indisposed

        The minimum essential personnel may be incapable of performing the ceremony because they themselves are ill, quarantined or otherwise unavailable. The primary mitigation is that PTI staff and other support staff from ICANN Org have been implementing social distancing since the beginning of March 2020 to limit potential transfer of illness. Additionally, there is approximately a three-month window to traverse the options presented, with sufficient slack to allow the exact date within each option to be adjusted to allow for recovery and still be held. There is also depth in staffing such that essential roles can be performed by different personnel if needed.

    4. Change to Credit Card Payments Processing Service Agreement

      Whereas, ICANN has established a need to enter into a new contract for the processing of credit card payments, supported by [REDACTED-FOR NEGOTIATION PURPOSES].

      Whereas, the Board Finance Committee has reviewed the financial implication of contracting with [REDACTED-FOR NEGOTIATION PURPOSES].

      Whereas, both the organization and the Board Finance Committee have recommended that the Board authorize the President and CEO, or his designee(s), to take all actions necessary to execute the new contract with [REDACTED-FOR NEGOTIATION PURPOSES] and to make all necessary disbursements pursuant to the contract.

      Resolved (2020.12.17.05) the Board authorizes the President and CEO, or his designee(s), to take all necessary actions to execute a new contract with [REDACTED-FOR NEGOTIATION PURPOSES] and to make all necessary disbursements pursuant to the contract.

      Resolved (2020.12.17.06), specific items within this resolution shall remain confidential for negotiation purposes pursuant to Article 3, section 3.5(b) of the ICANN Bylaws until the President and CEO determines that the confidential information may be released.

      Rationale for Resolutions 2020.12.17.05 – 2020.12.17.06

      ICANN org has partnered with [REDACTED-FOR NEGOTIATION PURPOSES] for the processing of credit card payments since September 2007. Over the years, the volume of payments that ICANN receives by credit cards has increased and the tiered rate structure negotiated in 2007 is no longer favorable to ICANN. However, ICANN wishes to continue offering this convenient method of payment to its stakeholders through its longtime partner and reputable service provider, [REDACTED-FOR NEGOTIATION PURPOSES].

      ICANN determined that under a new rate structure, [REDACTED-FOR NEGOTIATION PURPOSES] provided the most cost savings and best product value following a formal Request for Proposal (RFP) to identify potential service providers against 10 nominees and three participants.

      [REDACTED-FOR NEGOTIATION PURPOSES] offers minimal transition efforts and a good history of transferring funds between the issuing bank and ICANN, without delays or disputes. [REDACTED-FOR NEGOTIATION PURPOSES] also meets ICANN's three primary objectives:

      1. Secure services that meet global and local laws and regulations.
      2. Reduce ICANN's cost associated with credit card merchant fees.
      3. Migrate to a payment gateway service, increasing efficiency and accuracy for payments received by credit card.

      ICANN has also negotiated favorable terms. The initial term of the new contract is three years with an automatic one-year renewal period. The contract can be canceled at any time with 60 days' advance notice. The [REDACTED-FOR NEGOTIATION PURPOSES] fees are fixed for the contract term and will not increase.

      After careful analysis, the Board agrees with the organization that the new contract is a more cost-effective solution for offering payments by credit cards at this time. The Board understands that the organization will continue to review other payment alternatives to further reduce the expense associated with these services and it will implement a process of regularly reviewing the fees billed by the service provider.

      Executing the contract on favorable terms is in the public interest as it will lower ICANN's expenses without any impact to the services ICANN provides to its community and therefore is also consistent with ICANN's Mission.

      There is a positive fiscal impact in that the new contract will result in a significant decrease in credit card processing fees. There is no anticipated impact to the security, stability, and resiliency of the domain name system.

      This is an Organizational Administrative function that does not require public comment.

  2. Main Agenda:

    1. 2020 Strategic Outlook Trends Report

      Whereas, following community and ICANN organization inputs received between November 2019 and March 2020 on key trends anticipated to impact ICANN in the coming years, the Board conducted an analysis, and concluded that the strategic objectives for ICANN, as reflected in the Strategic Plan for Fiscal Years 2021-2025, do not need to change.

      Whereas, on 22 October 2020, the Board formed a Strategic Planning Committee to oversee the annual strategic outlook (trends) process to identify relevant trends and events that inform ICANN's strategic planning and prioritization efforts. Prior to that date, the Board relied upon the use of a Board Working Group on Strategic Planning. This working group, as supported by ICANN organization, played a central role in reviewing and analyzing the results of the trend work and the related opportunities, risks, and impacts on ICANN. The working group articulated this work into a set of proposed priority trends, related impacts, and associated strategic and/or tactical recommendations for full-Board consideration.

      Whereas, members of the ICANN Board and ICANN organization held a webinar with the community on 06 October 2020 to present the Strategic Outlook process and methods used to conduct the analysis.

      Resolved (2020.12.17.07), the Board affirms that the ICANN Strategic Plan for Fiscal Years 2021 to 2025 shall remain in force and unchanged, with no restatement of the Strategic Plan needed at this time.

      Resolved (2020.12.17.08), the Board recognizes that there may be a future need to evolve this Strategic Plan, such as to address funding realities identified through the update of ICANN's Five-Year Operating and Financial Plan, or mid-course modifications during the life of the Strategic Plan. If such change is needed, the Board will direct the ICANN org on the scope of further actions.

      Rationale for Resolutions 2020.12.17.07 – 2020.12.17.08

      On 23 June 2019, the Board adopted the ICANN Strategic Plan for Fiscal Years 2021 to 2025 and directed that as part of the on-going annual planning cycle with the community, new trends or shifts in existing trends be factored into the annual iteration of ICANN's plans as appropriate. These efforts are conducted under a process known as the Strategic Outlook trend identification process.

      The Strategic Outlook trend identification is an annual process, which ensures ICANN has a consistent way to: identify and track trends; prepare for opportunities; mitigate or avoid challenges; inform strategic and operational planning and prioritization.

      It is a joint effort between the ICANN organization, the community, and the ICANN Board to engage on emerging or evolving trends that affect ICANN. Trends indicate general directions in which things are developing or changing, that have or could have an impact on ICANN, its mission, its operations, or its ecosystem. Trends can be internal or external, organization-specific, community-related, or go beyond ICANN's ecosystem as ICANN does not operate in a vacuum.

      ICANN org has found the exercise to be beneficial to help surface opportunities and challenges that lie ahead, inform planning, help with prioritization considerations, and risk management.

      Between November 2019 and March 2020, ICANN org convened 21 Strategic Outlook trends identification sessions with 398 participants from the community and the organization, resulting in 1,853 data points collected. Community sessions outputs have been published on the Strategic Planning page of the icann.org website.

      Between April and September 2020, the Strategic Planning Board Working Group, as supported by ICANN org, conducted a thorough analysis of the trend session data inputs received, including assessing the trends, risks, opportunities, and potential impacts on ICANN. The details of this analysis and associated recommendations have been documented in the 2020 Strategic Outlook Trends Report document attached to this paper for reference.

      The Board Strategic Planning Committee, on the basis of the work accomplished by the Strategic Planning Board Working Group in place prior to the formation of the committee, recommends keeping the ICANN Strategic Plan for Fiscal Years 2021 to 2025 unchanged, with no restatement of the Strategic Plan needed at this time.

      This resolution is not expected to have a fiscal impact on ICANN, though the changes anticipated to ICANN's Operating Plan might have impact once approved. This action is expected to have a positive impact on the security, stability and resiliency of the domain name system (DNS) as it continues to support ICANN's strategic work in this area.

      This resolution serves ICANN's mission in ensuring a secure and stable operation of the Internet's unique identifier systems. The ICANN Strategic Plan for Fiscal Years 2021-2025 builds upon ICANN's mission so that it may continue to effectively fulfil its aims and meet new and continuously evolving challenges and opportunities.

      This resolution is in the public interest as the Strategic Plan guides ICANN's activities and informs ICANN's operating plans and budgets to fulfil its mission in fiscal years 2021 through 2025. The Strategic Plan serves the public interest by articulating the path towards a new vision to be a champion of the single, open, and globally interoperable Internet. The Strategic Plan complies with ICANN's commitments and is guided by ICANN's core values.

      This is an Organizational Administrative Function that has been subject to community consultation as noted above, and does not require further public comment.

    2. ICANN Organization Risk Appetite Statement

      Whereas, the ICANN Board previously recognized the benefit of and need for a Risk Management Framework to guide the ICANN organization in managing risks it faces.

      Whereas, the ICANN Board previously set a target model for the Risk Management Framework including a Risk Appetite Statement.

      Whereas, risk management involves the identification of vulnerabilities to the organization and therefore it would not be prudent to publish the Risk Appetite Statement.

      Resolved (2020.12.17.09), the Board approves the ICANN Organization Risk Appetite Statement and directs the President and CEO, or his designee(s), to publish a summary of it.

      Rationale for Resolution 2020.12.17.09

      This Risk Appetite Statement articulates the level of risk which ICANN organization is willing to take and retain on a broad level to deliver its mission.

      The ICANN Organization Risk Appetite Statement:

      • Communicates to personnel that they need to pursue objectives within acceptable risk limits.
      • Provides input for prioritization for planning and budgeting.
      • Guides the Board in its decision making and can be considered as part of the rationale that accompanies Board resolutions.
      • Informs performance management and incentive measurement, and guides personnel to make decisions that are aligned to the organizational risk appetite.
      • Encourages a risk management, not risk aversion, culture so that risk management is a responsibility shared across the organization and for which all personnel are accountable.
      • Enhances ICANN's reputation by demonstrating that the organization is committed to proactively managing risk.

      The ICANN Board and the ICANN Executive Team require that a robust Risk Management Framework be developed and implemented for ICANN organization. As part of the Target Operating Model for Risk Management, a Risk Appetite Statement is part of a mature framework.

      The Board of Directors and the ICANN org Executive Team are responsible for making informed decisions to set the level of accepted risk. The Risk Appetite Statement specifies the risks the organization is willing to take and retain, thereby demonstrating the risk appetite of the leadership of ICANN which can then be used to guide the operations of ICANN.

      Note that by design any Risk Appetite Statement is a high-level articulation of the risks faced by an organization. The intention is to provide a concise overview that is accessible to all personnel and the Board. Further, risks often involve vulnerabilities or threats to the organization, and it would be imprudent for any organization to provide public details of such risks.

      The Risk Appetite Statement was developed by the organization's Risk Management function in collaboration with representation of every organization function. The Risk Appetite Statement was reviewed by the organization Executive Team and approved by the ICANN President and CEO for consideration by the Board Risk Committee. The Board Risk Committee reviewed and recommended that the Board approve the ICANN organization Risk Appetite Statement. The Board received a presentation on the Risk Appetite Statement earlier in 2020.

      Adopting the Risk Appetite Statement is in the public interest and is also fully consistent with ICANN's mission as it articulates the risk appetite of the leadership of ICANN which can then be used to guide the operations of ICANN organization more efficiently and consistently from a risk management perspective.

      Adopting the BRC's recommendation has no financial impact on ICANN that was not otherwise anticipated; and it formalizes the Risk Management Framework of ICANN organization, and strengthens its approach to managing the risks it faces, therefore could have a positive impact on the security, stability and resiliency of the domain name system.

      This is an Organizational Administrative Function that does not require Public Comment.

    3. Afilias Change of Control Approval Request

      No Resolutions taken.

    4. AOB

      No Resolutions taken.

  3. Executive Session:

    1. President and CEO At-Risk Compensation for First Half of FY21

      Whereas, each Board member has confirmed that he/she does not have a conflict of interest with respect to establishing the amount of payment to the President and CEO for the first half of FY21 at-risk compensation component.

      Whereas, the Compensation Committee recommended that the Board approve payment to the President and CEO for the first half of his FY21 at-risk compensation.

      Resolved (2020.12.17.10), the Board hereby approves a payment to the President and CEO for his annual at-risk compensation component for the first half of FY21.

      Rationale for Resolution 2020.12.17.10

      When the President and CEO was hired, he was offered a base salary, plus an at-risk component of his compensation package. This same structure exists today. Consistent with all personnel with the ICANN organization, the President and CEO is to be evaluated against specific goals, which the President and CEO sets in coordination with the Compensation Committee and the Board.

      The President and CEO provided to the Compensation Committee his self-assessment of his mid-year achievements towards his FY21 goals. After reviewing, the Compensation Committee discussed and agreed with the President and CEO's self-assessment. Following discussion, the Compensation Committee recommended that the Board approve payment to the President and CEO for his at-risk compensation for the first half of FY21. The Board agrees with the Compensation Committee's recommendation.

      Taking this decision is in furtherance of ICANN's Mission and is in the public interest in that it helps ensure that the President and CEO is sufficiently compensated in line with his performance in furtherance of the Mission, and which reflects that his goals are consistent with ICANN's Strategic and Operating plans.

      While the decision to pay the President and CEO his at-risk compensation for the first half of FY21 will have a fiscal impact on ICANN, it is an impact that was contemplated in the FY21 budget. This decision will not have an impact on the security, stability or resiliency of the domain name system.

Published on 21 December 2020


[1] https://www.iana.org/dnssec/dps