Skip to main content

Minutes – Board Risk Committee (BRC) Meeting

Published on 15 June 2016

BRC Attendees: Rafael Lito Ibarra, Ram Mohan (Co-Chair), George Sadowsky, Mike Silber (Co-Chair), Jonne Soininen, Kuo-Wei Wu, and Suzanne Woolf

Other Board Member Attendees: Rinalia Abdul Rahim, Chris Disspain, Asha Hemrajani, Erika Mann, and Bruce Tonkin

ICANN Executives and Staff Attendees: Susanna Bennett (Chief Operating Officer), Xavier Calvez (Chief Financial Officer), Melissa King (VP, Board Operations), Wendy Profit (Board Operations Specialist), Ashwin Rangan (Chief Innovation and Information Officer), and Amy Stathos (Deputy General Counsel)

Invited Guests: J. Beckwith Burr

The following is a summary of discussions, actions taken, and actions identified:

  1. BRC Workplan – Staff provided an overview of the BRC Workplan for the 2016 calendar and identified a few changes to the timing of certain topics and the format of the Workplan. The BRC discussed the scheduled updates from IT and the third-party consultant regarding ICANN’s cybersecurity and IT-related risks to ensure that such risks are appropriately mitigated.

  2. ERM Roadmap – Staff discussed the BRC’s previous comments regarding the format of the ERM Roadmap, which were directed at ensuring ease of review and comment by the BRC members. Staff reported that staff has changed the format of the ERM Roadmap and made it available through a shared system that will allow the BRC to work collaboratively on the ERM Roadmap. The BRC discussed the process by which access can be granted to the shared system. The BRC then discussed the upcoming ICANN56 meeting in Helsinki, and whether to conduct a BRC Workshop during that meeting or sometime after that meeting.

  3. BRC Workshop – The BRC discussed the activities for the anticipated upcoming BRC Workshop. The desired outcome would be to finalize the ERM Roadmap, following receipt of comments by the BRC members. The BRC also noted that another topic that needs to be addressed at the BRC Workshop is the best manner of engaging with the community regarding risk management, further noting that it is important that the community understands that the BRC is paying close attention to risk management and considers it a priority. The BRC also discussed potential methods of and sensitivities relating to community engagement. Staff reported that it is in the process of identifying potential IANA Stewardship Transition-related risks, and updating the list of top ten risks, both of which staff intends to present to the BRC at the Workshop.

    • Action:

      • Members of the BRC to reach out to the RSSAC, the SSAC, and the IETF and request input regarding suggested methods of community engagement with the BRC.

  4. Updates to BRC

    • Quarterly Risk Assessment – The quarterly risk assessment is in process and will be used to update the top ten risks list. Staff will review the draft with the BRC at ICANN56.
    • Cybersecurity Improvements – Current cybersecurity projects are on track and staff will provide the BRC with a more in-depth review at ICANN56.
    • Business Continuity Plan (BCP) – The development of the BCP is progressing. The first step, the business impact analysis, has been completed, and staff is starting development of continuity plans by function and location.
Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."