Contingency and Continuity of Operations Plan Test Report

25 February 2021

ICANN and PTI maintain a Contingency and Continuity of Operations Plan (“CCOP”) for the IANA Naming Function. This Plan is compiled and tested in accordance with section 5.2(b) of the IANA Naming Functions Agreement effective 1 October 2016, which reads:

“[PTI] shall collaborate with ICANN to develop and implement a [CCOP] for the IANA Naming Function. [PTI] in collaboration with ICANN shall from time to time update and annually test the CCOP as necessary to maintain the security and stability of the IANA Naming Function. The CCOP shall include details on plans for continuation of the IANA Naming Function in the event of cyber or physical attacks, emergencies, or natural disasters. [PTI] shall submit the CCOP to ICANN after each update and publish on the IANA Website a report documenting the outcomes of the CCOP tests within 90 calendar days of the annual test.”

This current version of the CCOP was adopted by the President of PTI in July 2020.

CCOP Annual Test

The CCOP is tested annually to enable robust collaboration amongst the incident response team in a safe environment. The exercise tests awareness of activities conducted by each party in case of operational failures, and seeks to identify opportunities to refine the approach described within.

The ongoing pandemic presented both opportunities and challenges for PTI’s continuity preparedness. PTI staff have worked in a remote configuration since February 2020 and have continued to successfully deliver the IANA Naming Function. This has proven that the minimum essential functions can be operated without a presumption of a physical office, even though such an operational change had impacts on other aspects of the team’s work.

For this year’s test, two scenarios were devised to simulate different types of disasters. The first scenario described a pandemic that affected our ability to perform the Key Signing Ceremony. The second scenario described an earthquake impacting staff in the Los Angeles area.

A tabletop exercise was performed on December 4, 2020 to test the CCOP’s ability to deal with these events. Present for the test were the PTI Continuity Team, composed of key staff members that perform the IANA functions that would take lead in restoration efforts. Also present were representatives from ICANN’s Engineering & Information Technology, Communications, Human Resources, Security Operations and Facilities, and Risk Management departments.

Findings

A report identifying strengths and opportunities for improvement was delivered to the PTI President on 23 February 2021. The report has been reviewed and has found the following:

  • The exercise was successful in demonstrating that the plan was adequate to respond to the scenarios presented;
  • The plans and procedures relating to the Key Signing Ceremony were sufficient to navigate significant simulated adversity;
  • Processes and procedures should be further developed to support the timely reconstitution of our emergency systems and processes;
  • Future exercises would benefit from the use of external vendors for scenario design and facilitation;
  • When it is practical to do so, external contracted parties directly involved in root zone management should be invited to participate in future exercises;
  • Develop specific standard operating procedures for different categories of events.

Approval

Name: Kim Davies
Position: President, PTI
Date: 25 February 2021