Meeting of the ARIN Board of Trustees - 28 April 2021 [Archived]

via Video Teleconference

Attendees

• Paul Andersen, Chair
• Nancy Carter, Treasurer
• Peter Harrison, Trustee
• Catherine Middleton, Trustee
• Tina Morris, Trustee
• Bill Sandiford, Vice Chair

ARIN Staff

• Michael Abejuela, General Counsel, Board Secretary
• Anne-Rachel Inné, Sr. V.P., Government Affairs
• Richard Jimmerson, COO
• Brian Kirk, CFO
• Steve M. Ryan, Counsel
• Therese Simcox, Sr. E.A., Scribe
• John Sweeting, CCO

Regrets

• John Curran, President & CEO

1. Welcome, Agenda Review, & Disclosure of Conflicts of Interest

The Chair called the meeting to order at 4:33 p.m. ET. The presence of a quorum was noted, with the Chair acknowledging regrets from the President. He further acknowledged that Ms. Middleton would be delayed, and her request to delay the discussion of item 3, ARIN Election Procedures, until she joins the meeting. The Chair also stated that Ms. Morris would be delayed.

There were no conflicts of interest reported by the Board.

The Chair stated that the agenda would be reordered to accommodate the delayed Board members’ participation.

2. Consent Agenda

A) Approval of the Minutes. (Exhibit A, Exhibit B)

i) “The ARIN Board of Trustees approves the Minutes of 24 March 2021, as written.”

ii) “The ARIN Board of Trustees approves the Minutes of the Special Meeting of the ARIN Board of Trustees on April 5, 2021, as written.”

It was moved by Peter Harrison, and seconded by Bill Sandiford, that:

“The ARIN Board of Trustees approves the Consent Agenda, as presented.”

The Chair called for comments. There were no comments.

The motion carried with no objections.

Tina Morris joined at this time (4:37 p.m. ET).

3. ARIN Financial Reports Q1 2021

The CFO presented an overview of the first quarter financials to the Board for their information to include the Balance Sheet, Statement of Activities, and Cash Flows. There were no issues noted in the financial statements.

4. ARIN 2020 Audit Results

(Exhibits L, M)

At their meeting on April 15, 2021, the Finance Committee (FinCom) moved to recommend that the Board accept the 2020 Auditor’s Report and 2020 Audited Financial Statement. The Treasurer explained that during that meeting, the auditing firm presented the documents to the FinCom and that the 2020 audit was clean. She noted that certain amounts from the 2019 financial statements related to the capitalization of software development costs and accounts receivable were re-stated to align with U.S. Generally Accepted Accounting Principles (GAAP). The Treasurer also noted that the method for allocating certain expenses for the Statement of Functional Expenses was updated in 2020. The Treasurer stated that none of this affected the financial statement opinion.

The Treasurer pointed out that ARIN’s Finance team did a lot of work to make sure that the audit was well supported. The report contains a summary table outlining the restatement and the effect on the balance sheet to understand the non-cash effects of restatements. There was significant internal control testing conducted during the audit, and the team passed with flying colors. The Treasurer stated that the auditors expressed excellent cooperation from ARIN management. A great, positive result was received from working with the new auditors. The Treasurer referred the Board to the last pages of the statement that contain useful reference material for the future on upcoming GAAP changes, etc.; and she noted that the auditors have a very informative document repository.

The Treasurer noted that there is a change from last year on the Balance Sheet – net assets without donor restrictions. These are now tracked as Undesignated funds, and ARIN will have no Designated funds from this point forward unless there is a future change requested by the Board.

The CFO noted that because 2019 accounting practices led to a re-statement, the 2019 financial statements were not GAAP-compliant; and therefore, the auditor was required to communicate a material weakness in internal control over financial reporting. The financial statements for 2019 were corrected, and GAAP compliant accounting practices were implemented during 2020. The 2020 financial statements audited by BDO required no auditor adjustments.

Catherine Middleton joined 4:55 p.m. ET. The Chair briefed her on what had been discussed.

It was moved by Nancy Carter, and seconded by Peter Harrison, that:

“The ARIN Board of Trustees accepts the 2020 Auditor’s Report and 2020 Audited Financial Statement, as recommended by the ARIN Finance Committee.”

The Chair called for discussion. The Chair thanked the staff and the Treasurer for a well- discussed and well-reviewed audit.

The motion carried with 5 in favor, and one abstention (Catherine Middleton), via roll call vote.

It is noted that Ms. Middleton’s abstention was due to being unavailable for the full discussion on the item.

The Chair stated that the Election Procedures will be discussed as the last agenda item.

5. Staff Presentation on ARIN Strategic Reserve of IPv4 Addresses

(Exhibit N)

General Counsel provided an attorney-client privileged update to the Board on this and one other related item with the support of other staff present.

6. ARIN Cyber Security Options

(Exhibit K)

The COO stated that a report was previously provided to the Board on ARIN’s position regarding cyber security. It was requested by the Board that staff consider adding a senior-level security position to the company to increase the profile of related work and work toward process certifications. A memo was provided to the Board describing the background on the matter in response to their request which included a timeline for adding the new senior-level staff position and the associated high-level work plan for the position. The COO noted that the President wanted to ensure the Board was provided this memo prior to proceeding with recruitment efforts. It was described that once the new position is staffed, and the person is thoroughly onboarded and familiarized with ARIN’s operations, the senior leadership team would work with the new senior leader to conduct an internal evaluation on all aspects of cyber security throughout ARIN and obtain his/her ideas on other needed staff or resources needed to complete planned work.

It was asked at what level of management this person would be hired. The COO stated ARIN is considering the position at the V.P. level. It was asked which area of security work ARIN is targeting when hiring for this position. The COO responded that ARIN has a Product Owner who owns and oversees all ARIN routing security services, including RPKI. That will not change. The COO stated that the new senior-level information security position would focus on ISO certification work and general information security across the company.

In relation to the work timeline described in the memo, it was noted that an accelerated timeline can be achieved with additional investment. The COO replied that the new person would need several months to on-board and develop a path forward before any of the work is to begin. The acceleration of the timeline could occur, but may require more staff or contractors. There may be a request for this later on, but it is currently unknown until this new position is filled and the person brought up to speed in order for the person to make that assessment. It is expected this new position will participate in the creation of reporting for the Board. It was further noted for information that various organizations have been reaching out to understand the Regional Internet Registries’ (RIR) security posture.

The Chair called for comments from the Board on an accelerated timeline. Support was expressed with caution to ensure that the position is defined correctly and sufficient consultation and advice is provided to the candidates so that they fully understand what is needed. The COO stated that the final stages of the job description are currently in process. He assured the Board that staff will take their time to ensure the right person is hired. It was asked if a recruiter is being used. The COO stated a recruiter is not being utilized at this time, but the use of one would be considered if our announcement of the open position does not produce the desired response by qualified candidates.

The Chair stated that he is excited about the new position as it is a high priority that is getting attention and the Board will keep the additional investment in mind. He stated the President can move forward on this item without Board motion. Considering the high-level nature of this position and the expectation the cost may be high, it was noted the approval of the costs for the hire be reviewed and approved by the Treasurer prior to an offer being extended to a candidate when the time comes.

7. ARIN Election Procedures

(Exhibits C, D, E, F, G, H, I, J)

The Chair provided a brief overview of the exhibits. He requested that the Board discuss any changes, and he proposed staff provide the Board with a clean copy after edits are made.

Discussion ensued on the Election Process Calendar and the Nomination Committee’s (NomCom) timelines with regard to the first and second opening of candidate submissions. As this tied to the NomCom Qualification Questionnaires, it was agreed that Ms. Middleton, NomCom Chair, and Ms. Morris, both appointed NomCom Board members, work with staff on revising the text.

Discussion ensued on the timeline for NomCom assessment of petition candidates and the NomCom’s statement to the community. The election timeline should be updated to allow for reasonable consideration by the NomCom. It was agreed smaller items of change be circulated offline.

Discussion ensued on the Election Process Procedures. The Chair requested that General Counsel look for all inconsistencies throughout the document and ensure that any outlined tasks within the document are performed.

It was asked if Board members could send editorial changes to the General Counsel. General Counsel agreed requesting that the CCO be copied, as they will work together to make the appropriate updates. The COO also agreed, stating that the Customer Service department has been developing these documents with Counsel. The Chair stated that if the Board has comments other than editorial changes, to send them to the Board’s list.

The Board entered an executive session at 6:10 p.m. ET to further discuss candidate background checks. The Board exited the session at 6:26 p.m. ET.

The Chair tasked the CCO, General Counsel, Ms. Middleton and Ms. Morris to work on editorial edits from the Board and, within the next week, send a clean set of documents to the Board for review and approval. The call for nominations to the NomCom will open per the calendar, subject to review by the NomCom Chair. If there are any changes to the process, it can be revised - but no later than the opening for nominations.

The COO asked for clarity if the Board’s approval of the documents can be done via action without meeting via the Board’s list. The Chair responded it could be, as needed.

It was asked if any changes would be made this year to the NRO NC Election Process. It was noted that the President is working with the other RIRs to be more transparent with regard to candidates. The Board would need to decide on any changes to be made.

The Chair stated the Board will accept the amendment that was sent by the President to the Board’s list, and it will be included in the revised document that is sent to the Board.

8. ARIN Board Open Action Item Review

(Exhibit O)

This item is deferred to the next scheduled ARIN Board meeting.

9. Any Other Business

The Chair called for any other business.

The Chair stated that the Internet community lost a pioneer in Internet Security, Mr. Dan Kaminsky, who passed away on April 23rd. The Board sends their deepest condolences to his family.

10. Adjournment

The Chair entertained a motion to adjourn at 6:35 p.m. ET. The meeting adjourned with no objections.