Contingency and Continuity of Operations Plan Test Report

14 March 2025

ICANN and PTI maintain a Contingency and Continuity of Operations Plan ("CCOP") for the IANA Naming Function. This Plan is compiled and tested in accordance with section 5.2(b) of the IANA Naming Functions Agreement effective 1 October 2016, which reads:

“[PTI] shall collaborate with ICANN to develop and implement a [CCOP] for the IANA Naming Function. [PTI] in collaboration with ICANN shall from time to time update and annually test the CCOP as necessary to maintain the security and stability of the IANA Naming Function. The CCOP shall include details on plans for continuation of the IANA Naming Function in the event of cyber or physical attacks, emergencies, or natural disasters. [PTI] shall submit the CCOP to ICANN after each update and publish on the IANA Website a report documenting the outcomes of the CCOP tests within 90 calendar days of the annual test.”

This current version of the CCOP was adopted by the President of PTI in September 2024.

CCOP Annual Test

The CCOP is tested annually to enable robust collaboration amongst the incident response team in a safe environment. The exercise tests awareness of activities conducted by each party in case of operational failures, and seeks to identify opportunities to refine the approach described within.

A tabletop exercise was held on 12 December 2024. Present for the test were the PTI Continuity Team, composed of key staff members that perform the IANA functions that would take lead in restoration efforts. Also present were representatives from ICANN’s Legal, Human Resources, Risk, and Security Operations departments. Notably present for this year's exercise were members from ICANN’s Root Zone Maintainer contractor Verisign who would be involved in the continuity and remediation of services.

This year the plan was tested via a scenario that required the planning and execution of key signing ceremonies under imposing time constraints.

Findings

The findings of the exercise were delivered to the PTI President on 21 January 2025. The key findings were:

Strengths

  • The PTI Continuity Team was effective in coordinating a response to disruptions.
  • The exercise was beneficial in testing the emergency procedures and run books related to management of the DNS Root Zone Key Signing Key (KSK).
  • Verisign's participation was beneficial in exposing assumptions in the capabilities of recovery processes.
  • The PTI Continuity team demonstrated sound knowledge of processes and procedures.

Opportunities for Improvement

  • IANA should resume third-party facilitation of table-top exercises to plan and execute events that best solicit areas of improvement.
  • IANA should continue to engage with ICANN's crisis management team to further test the interactions with other ICANN departments.
  • IANA should continue to engage with its critical third-party partners to further develop recovery procedures and plans.

Approval

Name: Kim Davies
Position: President, PTI
Date: 14 March 2024