• CCOP conducts an annual test to ensure that incident response teams work together strongly in a safe environment.
  • A third-party vendor and the PTI continuity team participated in the testing, and the exercise successfully demonstrated that the plan adequately covered the basic functions of the mission, as well as some process issues that needed improvement.

The IANA Naming Function (IANA) is managed by ICANN and PTI, who collaborate to develop and implement a Contingency and Continuity of Operations Plan (CCOP). This plan is updated annually to ensure the function’s security and stability. The CCOP includes plans for continuation in case of cyber or physical attacks, emergencies, or natural disasters. PTI submits the CCOP to ICANN after each update and publishes a report detailing the results within 90 days of the annual test. The current version of the CCOP was adopted by PTI’s President in September 2023.

CCOP’s Annual Test

The CCOP, an annual exercise designed to ensure robust collaboration among incident response teams, is being reviewed by a third-party to align with industry best practices and ICANN’s Crisis Management Plan. The exercise tests the awareness of each party’s operational failure activities and identifies opportunities for improvement.

On December 7, 2023, a tabletop exercise was conducted with a third-party vendor, the PTI Continuity Team, and representatives from ICANN’s Engineering & Information Technology, Legal, Human Resources, Communications, and Security Operations departments. The plan was tested through an extensive scenario involving the unavailability of people, facilities, applications, and vendors across mission essential functions in the Los Angeles and Washington, DC, metro areas.

Also read:ICANN 79 review: Shaping the future of internet governance

Benefits of COOP

The exercise demonstrated that the plan adequately covered mission functions, and the PTI Continuity Team effectively coordinated response to disruptions through crisis management, understanding individual response roles, problem framing, risk analysis, stakeholder understanding, and initial escalation of information and internal communication flow.

Also read:What is ICANN? Inside the non-profit org that ensures the stability of the internet

Areas for improvement and enhancement of COOP

IANA should formalise critical processes within the CCOP to address major crisis events. A transition plan and training for continuity team alternates are necessary for efficiency. Internal and external communication plans should be updated to provide alternative options in the event of network connectivity compromises. The legal and communications teams should develop preapproved statements for increased efficiency. IANA should also engage with critical third-party partners to confirm their capabilities and capacities during a crisis.