Contingency and Continuity of Operations Plan Test Report

3 April 2024

ICANN and PTI maintain a Contingency and Continuity of Operations Plan (“CCOP”) for the IANA Naming Function. This Plan is compiled and tested in accordance with section 5.2(b) of the IANA Naming Functions Agreement effective 1 October 2016, which reads:

“[PTI] shall collaborate with ICANN to develop and implement a [CCOP] for the IANA Naming Function. [PTI] in collaboration with ICANN shall from time to time update and annually test the CCOP as necessary to maintain the security and stability of the IANA Naming Function. The CCOP shall include details on plans for continuation of the IANA Naming Function in the event of cyber or physical attacks, emergencies, or natural disasters. [PTI] shall submit the CCOP to ICANN after each update and publish on the IANA Website a report documenting the outcomes of the CCOP tests within 90 calendar days of the annual test.”

This current version of the CCOP was adopted by the President of PTI in September 2023.

CCOP Annual Test

The CCOP is tested annually to enable robust collaboration amongst the incident response team in a safe environment. The exercise tests awareness of activities conducted by each party in case of operational failures, and seeks to identify opportunities to refine the approach described within.

This year IANA engaged a third-party to review the CCOP and to update the plan to match industry best practices and to ensure alignment with ICANN's Crisis Management Plan.

A tabletop exercise was held on December 7, 2023. Present for the test were the third-party vendor and the PTI Continuity Team, composed of key staff members that perform the IANA functions that would take lead in restoration efforts. Also present were representatives from ICANN’s Engineering & Information Technology, Legal, Human Resources, Communications, and Security Operations departments.

This year the plan was tested via an extensive scenario involving the unavailability of people, facilities, applications, and vendors across all mission essential functions in the Los Angeles and Washington, DC metro areas.

Findings

A report identifying strengths and opportunities for improvement was delivered to the PTI President on 2 April 2024. The report has been reviewed and found the following:

Strengths

  • The exercise was successful in demonstrating that the plan adequately covered the mission essential functions
  • The PTI Continuity Team was effective in coordinating a response to disruptions, namely through:
    • Crisis management team dynamic and leadership commitment
    • Knowledge of primary individual response roles and requirements
    • Problem framing and risk analysis
    • Understanding of the stakeholder environment
    • Initial escalation of information and internal communication flow

    Opportunities for Improvement

    • IANA should continue to formalize critical processes within the CCOP to address the most pressing issues that the organization would face during major crisis events.
    • IANA should develop a transition plan and associated training for continuity team alternates to ensure efficiency in the absence of primary position holders.
    • IANA should update and further develop internal and external communication plans to ensure alternative options in the event that network connectivity is compromised.
    • IANA should have Legal and Communications teams develop preapproved statements to gain increased efficiencies if needed to be released in the event of a crisis.
    • IANA should engage with its critical third-party partners to confirm assumptions regarding their capabilities and capacities during a crisis.

    Approval

    Name: Kim Davies
    Position: President, PTI
    Date: 3 April 2024