Minutes | Board Technical Committee (BTC) Meeting 1 November 2019

Board Member and Liaison Attendees: Harald Alvestrand, Avri Doria, Rafael Lito Ibarra, Merike Kaeo, Akinori Maemura (Chair), Kaveh Ranjbar, and Tripti Sinha.

Other Board Members in Attendance: Becky Burr, Ron da Silva, Sarah Deutsch, Chris Disspain, Danko Jevtovic, Ihab Osman, and Matthew Shears.

ICANN Organization Attendees: Adiel Akplogan (Vice President for Technical Engagement), Susanna Bennett (SVP Chief Operating Officer), Franco Carrasco (Board Operations Specialist), James Caufield (VP, Risk Management), David Conrad (Chief Technology Officer), Samantha Eisner (Deputy General Counsel), Dan Halloran (Deputy General Counsel), Ashwin Rangan (SVP Engineering & Chief Information Officer), and Carlos Reyes (Strategic Policy Planning Director).

The following is a summary of discussions, actions taken, and actions identified:

  1. Engineering and IT Overview of ICANN Technical Infrastructure – The Chief Information Officer (CIO) provided the Committee with an overview of Engineering & Information Technology's (E&IT) vision, mission, strategies, processes, structure and budgets. E&IT's vision is to enable ICANN everywhere allowing for the accommodation of the ICANN Public Meetings that happen three times a year. E&IT's mission is to provide trusted technical expertise that has the ability to adapt and support ICANN org and the global ICANN multistakeholder model in a constantly changing technical landscape by focusing on: 1) embracing six "Go-To" technologies with a SaaS tilt; 2) mobile first development strategy; and 3) increasing reliance on the cloud. 

    The CIO also reviewed the four strategic focus areas for E&IT's work which includes portfolio pruning, information security (InfoSec) management, E&IT process maturity and alignment. Portfolio pruning will focus on reducing the number of systems and platforms currently in the E&IT portfolio by retiring old systems and combining them with other similarly master data-oriented systems.     InfoSec management will focus on both proactive and reactive risk management. For example, from a proactive standpoint, E&IT has discussed moving from the Center for Internet Security (CIS) CIS 20 Critical Security Controls framework to the National Institute Standard of Technology Cybersecurity Framework (NIST CSF) framework and providing annual cyber security trainings for end users. From a reactive standpoint, InfoSec is periodically performing automated vulnerability auditing of all ICANN-owned assets so that if a vulnerability is discovered, the E&IT team can properly advise the service owner on how to address it. InfoSec has also created an InfoSec "Ambassador Program" to get feedback on how to improve its services. In the area of process maturity, E&IT has engaged a third-party expert to conduct a preliminary review of the organization in an effort to guide the org to maturity level 4 under the Capability Maturity Model which measures the maturity of organizations. Simultaneously, E&IT has also developed a process to prioritize the various projects in the pipeline so there is visibility into what is likely to be expected at the end of the six month or in the course of the next six months. The CIO briefly reviewed the items in ICANN org's protected pipeline.

    Lastly, the CIO reported that E&IT will focus on better alignment internally to address the needs of the ICANN ecosystem. In this regard, he provided the Committee with an update on the items for community alignment including IPv6 compliance and Universal Acceptance implementation. The CIO also discussed the internal project alignment deliveries for the last three semesters and noted that he has appointed a relationship manager to each Senior Vice President (SVP) to ensure better understanding of the what the needs and demands are of each SVP.  

    The CIO also provided the Committee with a brief overview on the E&IT Budget for FY19.

  2. Update on RSSAC037/RSSAC038 Implementation Plan – The Committee considered a draft resolution to recommend to the Board regarding convening the Root Server Governance Working Group (GWG). The Strategic Policy Planning Director provided an overview of the changes made to the proposed GWG in response to public comments and outlined next steps if the Committee decided to recommend the proposed resolution for consideration by the Board. The Committee engaged in a discussion of the draft resolution and approved sending it to the Board for consideration.

  3. BTC Engagement at ICANN66 – The Committee Chair noted that the Committee has engagements at ICANN66 including meetings with the Security and Stability Advisory Committee (SSAC), the Root Server System Advisory Committee (RSSAC) and the ICANN Board, and the Technical Experts Group (TEG). The meeting with SSAC will largely focus on getting an understanding of the work done in the connection with Domain Name System (DNS) ecosystem threat landscape and the associated risk assessments. The meeting with the Board and RSSAC will discuss the Root Server Operator's (RSO) narrative document that was previously circulated to the Committee. Currently, the meeting agenda with the TEG is open, and potential topics may include a discussion about whether the TEG is necessary now that the Committee exists.

    • Action Item:

      • The Committee liaison for the SSAC to circulate information about the SSAC's work regarding the threat landscape in the DNS ecosystem.
  4. AOB – The CTO noted that the contract for the Name Collision Analysis Project (NCAP) has finalized and the associated work has begun.

The Chair called the meeting to a close.

Published on 17 December 2019