Security and Stability Advisory Committee (SSAC)
What is the SSAC?
In accordance with Section 12.2 (b) of the ICANN Bylaws, the Security and Stability Advisory Committee advises the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems. This includes operational matters (e.g., matters pertaining to the correct and reliable operation of the root name system), administrative matters (e.g., matters pertaining to address allocation and Internet number assignment), and registration matters (e.g., matters pertaining to registry and registrar services such as WHOIS). The SSAC engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.
How does the SSAC Operate?
SSAC members are skilled and experienced technical professionals who volunteer their time and expertise to improve the security and integrity of the Internet's naming and addressing system. The SSAC produces Reports, Correspondence, and Comments on a range of topics. Reports are focused on providing information, recommendations and advice on technical Security Stability and Reliability (SSR) issues to the ICANN Board, the ICANN community, and/or the broader internet community. Correspondence comprises letters, comments and other documents on administrative, community and other non-SSR issues. Comments are prepared in response to explicit questions posed to or requests made to the SSAC, or as a response to ICANN's public comment forum.
The SSAC undertakes ongoing risk analysis to identify a prioritized list of topics for SSAC work. However, the ICANN Board, Advisory Committees (ACs), Supporting Organizations (SOs) or other bodies within ICANN may request that the SSAC review, comment, or give feedback on a specific topic or issue at any time.
How do I participate in the SSAC?
Technical professionals who are interested in joining as an SSAC member and contributing to SSAC work are encouraged to review the SSAC Skills Survey [PDF, 101 KB], read Section 2.3 of the SSAC Operational Procedures [PDF, 418 KB], see the SSAC Introduction [PDF, 634 KB] and contact SSAC Support Staff at email@example.com.
How does SSAC document its work?
SSAC documents its findings and recommendations in one of the following forms:
- Reports are focused on technical aspects of Security, Stability, and Reliability (SSR) issue. They can range between a deep analysis or detailed review of an issue to a short discussion on a more specific and narrowly-scoped topic. They may investigate emerging or long-term issues or could be published in response to a security event or incident, where timely notification to the community is a priority concern. They may be informational without any findings or recommendations or they could contain specific recommendations for the ICANN Board or community, and if appropriate, organized according to the groups to which they are most applicable. Specific recommendations for the ICANN Board will be captured in the Board Action Request Register (ARR) and tracked through implementation.
- Correspondence comprises those documents which are on topics of an administrative, governance or community-related nature and are normally signed by the SSAC Chair. They may take the form of a letter or a response submitted to a public comment forum. They may present recommendations regarding the issue.
- Comments are prepared in response to explicit questions posed to or requests made to the SSAC, e.g. when the ICANN Board asks the SSAC for an opinion. Comments may also be submitted as a response to ICANN's public comment forum. Comments may be brief or long, depending on the issue and the extent to which the SSAC studies it.
A goal of the SSAC is to ensure that its work results in specific actions whenever possible. In order to measure progress towards this goal, the SSAC tracks any effects of each recommendation. For documents that contain recommendations for the ICANN Board, the Board Action Request Register (ARR) captures the information required to understand the status of advice and tracks it from when it is given through implementation.
Tell me about the history of the SSAC
At its November 2001 meeting, which focused on security issues, the ICANN Board directed the President "to appoint a President's standing committee on the security and stability of the Internet's naming and address allocation systems. The President is directed to develop a proposed charter, with at least a focus on risk analysis and auditing thereof, in consultation with the President's standing committee, and to submit it to the Board for its approval."
At its meeting on 14 March 2002, the ICANN Board approved the charter of the ICANN Committee on Security and Stability.
On 13 May 2002, the ICANN Board converted the President's Committee on Security and Stability to the Security and Stability Advisory Committee.
Improving the SSAC
The SSAC has undergone two organizational reviews since it was established:
- The first organizational review was conducted by JAS Communications whose Final Report was delivered in May 2009. In response, SSAC conducted a self‐review exercise, which resulted in a coherent and comprehensive SSAC report to the Working Group, delivered in June, 2009. Subsequently, SSAC Support staff and the ICANN Board's Structural Improvements Committee (SIC) produced an Improvements Implementation Plan to implement the 33 recommendations outlined in the January 2010 Final report of the ICANN Board SSAC Review Working Group. This plan conforms to all guidance contained in the ICANN Board's Resolution 2010.06.25.05 that the SIC will, in coordination with staff, provide the Board with final implementation plans to conform with the measures recommended by the SIC to address the conclusions and recommendations in the final report of the Board Security and Stability Advisory Committee review Working Group. All elements of the plan were completed as of 18 March 2011.
- The second organizational review was conducted by Analysis Group whose Final Report was delivered in December 2018. The ICANN Board accepted the Final Report and the SSAC's Feasibility Assessment and Initial Implementation Plan in June 2019 (Resolutions 2019.06.23.15 – 2019.06.23.20). Implementation is well progressed and expected to be completed by December 2020.
Who are the Members of the Committee?
Rod Rasmussen is the Chair of the Security and Stability Advisory Committee.
- Greg Aaron
- Joe Abley
- Benedict Addis
- Jaap Akkerhuis
- Tim April
- Jeffrey Bedser
- Ben Butler
- Lyman Chapin
- KC Claffy
- Steve Crocker
- Andrew de la Haije
- Paul Ebersman
- Patrik Fältström
- Ondrej Filip
- Bobby Flaim
- James Galvin
- Robert Guerra
- Julie Hammer
- Cristian Hesselman
- Geoff Huston
- Merike Kaeo
- Andrei Kolesnikov
- Warren Kumari
- Jacques Latour
- Barry Leiba
- John R. Levine
- Danny McPherson
- Ram Mohan
- Russ Mundy
- Rod Rasmussen
- Chris Roosenraad
- Mark Seiden
- Doron Shikmoni
- Tara Whalen
- Suzanne Woolf
SSAC Support staff:
Support for the committee is provided by:
- Andrew McConachie, Policy and Technology Senior Manager
- Danielle Rutherford, SSAC and RSSAC Policy and Technology Analyst
- Kathy Schnitt, SSAC and RSSAC Support Lead Administrator
- Steve Sheng, Sr. Director, Policy Development Support
How do I Contact the Committee?
Comments and other communications to the committee should be sent to firstname.lastname@example.org.