Meeting of the ARIN Board of Trustees - 4 August 2022
- Bill Sandiford, Chair
- Tina Morris, Vice Chair
- Bram Abramson, Trustee
- Nancy Carter, Treasurer
- John Curran, President & CEO
- Peter Harrison, Trustee
- Catherine Middleton, Trustee
- Michael Abejuela, General Counsel, Secretary
- Alyssa Arceneaux, Executive Coordinator, Scribe
- Einar Bohlin, Vice President, Government
- Richard Jimmerson, COO
- Christian Johnson, Vice President, Information Security
- Brian Kirk, CFO
- Therese Simcox, Sr. Executive Assistant
- John Sweeting, CCO
1. Welcome, Agenda and Conflict of Interest Review
The Chair called the meeting to order at 10:54 am PT. No conflicts of interest were disclosed.
2. Approval of the Minutes
The Chair noted that since the last two business meetings were so close together in time, there were edits made by two Board members since the time of the sending of the Board meeting materials for this current meeting. He further noted that we are approving the version of the July 18 minutes that include the edits by both Board members.
It was moved by John Curran; and seconded by Catherine Middleton; that:
“The ARIN Board of Trustees approves the Minutes of July 18, 2022, as amended.”
The Chair called for a discussion. There was none.
The motion approved carried with no objections.
3. ARIN Committee Reports
Compensation Committee. The Chair noted that there is nothing to report but that additional information would be provided to the President during the Executive Session.
Governance Committee. The Committee Chair had nothing to report.
Mailing List AUP Committee. The Committee Chair had nothing to report.
Nominations Committee. The Committee Chair stated that they are in the process of evaluating the Board candidates and will move into evaluating AC Candidates next week. The Committee continues to build a list of possible process improvements for 2023.
Risk and Cybersecurity Committee. The Committee Chair stated there was an upcoming meeting on Monday, August 8, where the action items would be discussed.
Finance Committee. The Committee Chair stated that there has not been a committee meeting since the last Board meeting but that she is working with the CFO for a schedule of meetings for the rest of the year.
4. ARIN Quarterly Reports.
The Chair presented each report.
Activity Report (Exhibit B): The President went through the activity for the second quarter. The President noted that ARIN is on track for all tasks in the 2022 activity plan with one exception to governance activities, that delay is due to the AFRINIC situation.
Management Report (Exhibit C): The President stated that ARIN is on track with most items, with the exception of RIR governance activities and potential risk with the SOC 2 Type 1 certification process for RPKI. This item may prove to be a challenge to meet the deadline given that this is our first time going through this process.
Technical Debt Report (Exhibit D): The President stated ARIN is making good progress and pointed out that the report has been reformatted, with the Dashboard appearing first. He did note that we are little behind on upgrades to the ARIN platform but that should be completed during Q3. He pointed out that the Hive upgrades, which is the internal management platform for RSD and FSD, are very labor-intensive and will take time. He did note that going into 2023, ARIN may focus more resources on these internal tools as historically they have not received much attention.
Mr. Harrison referred to a previous outage with NetApp use. The COO explained that leadership structure changes and upgrades to our infrastructure have mitigated the prior high-risk nature of that area of operations. He also noted that ARIN has migrated to solutions provided by other vendors for better tooling and more budget-friendly pricing. This information is not tracked on this particular report, but is noted within the quarterly Management Report. The COO assured the Board that the previous NetApp issues have been mitigated.
Ms. Middleton asked about patch management. The VP of Cybersecurity and Information stated that all individual workstations and externally facing services receive priority patching. Some of our internally facing systems are slower in patch prioritization. ARIN is in the middle of penetration testing/audit and will begin with larger vulnerabilities moving onto the lower systems. It was noted by the COO that we over-report to the Board in this area by indicating trailing patch activity where other companies would likely report a fully green condition to their Boards at our status level.
The President agreed to make the chart more business intelligible oriented on ARIN’s main applications and less raw information.
Risk Register (Exhibit E): The President presented the new Risk Register and went through the top three risks for the Board, and talked about the risks that are on the rise and the mitigation strategies for addressing those risks.
The Chair asked how ARIN is ‘pushing hard’ on IPv6. The President talked about speaking engagements, that Ipv6 appears on our website, and that the only things we do not have are that there are no direct financial or policy incentives. The Chair asked if the Board could be provided a summary of what ARIN is doing within the realm of outreach. The CCO stated that all presentations given at outreach events are required to start with slides on IPv6 and ARIN Membership, the first slide is encouraging IPv6 deployment. There was discussion about policies for promoting IPv6 and their effectiveness.
The Chair asked for further discussion on IPv6 on a future Board agenda.
5. 2022 Grant Program
The President reported that the Grant Committee received 14 applications and the Committee reviewed them. Mr. Harrison noted that the ARIN staff worked to make the process seamless for the volunteer committee members and that it ran smoother in 2022 than any previous year. After discussions, the Grant Committee moved forward with the recommendation to fund 3 projects, as presented to the Board during this business meeting.
It was moved by John Curran, and seconded by Peter Harrison; that:
“The ARIN Board of Trustees approves of funding the recommended grants.”
The Chair asked if conflicts of interest are considered. The President stated that yes, they were. The Treasurer did ask about the discrepancy between 19 applications and only 14 applications receiving full review. It was explained that the Committee did reach out but there were missed connections, missed deadlines, and a lack of communication from some applicants.
The Board unanimously approved the funding of the recommended grants.
6. AC Recommended Revision to the ARIN Policy Development Process (PDP)
The President explained that the Board must approve this new version of the process document that has been fully reviewed and discussed by the Advisory Council for it to replace the currently published PDP. He noted that these changes do not materially change the process, but makes language alignments and process flow improvements. The Board could approve the changes put forth by the Advisory Council today, but the President recommends the Board first direct the CEO to send it to the community for consultation before the Board considers it for final approval.
It was moved by John Curran, and seconded by Tina Morris; that:
“The ARIN Board of Trustees directs the CEO to conduct a community consultation on the recommended revision to the Policy Development Process and report back to the Board once completed.”
The Chair called for discussion. The Chair asked if legal has reviewed; the General Counsel said yes. Ms. Morris explained that this was about 2 years’ worth of work that the Advisory Council has done on this document. Ms. Middleton and Ms. Carter have some editorial changes and were directed to send those into staff. Mr. Harrison asked a question if this would be the document asking for the use of red lined documents. The President stated that yes this would be the place, but the Advisory Council would need to discuss that with the community.
The motion carried unanimously with all in favor.
7. General Counsel Update.
The General Counsel provided an attorney-client privileged update on legal matters to the Board.
8. Open Action Item List.
The President provided an update on the action item list to the Board. No concerns were raised.
9. Any Other Business.
The Chair asked for any other business. The President relayed he had two additional items.
Adoption of new Registration Services Agreement (RSA) version. It was moved by John Curran, and seconded by Peter Harrison; that:
“The ARIN Board of Trustees adopts a new version of the ARIN Registration Services Agreement (RSA), as specified.”
The President reinforced the discussion from the workshop yesterday and that this does not change ARIN’s legal position. Ms. Morris asked when this would go out, and the President stated in the next few weeks.
The motion carried with one abstention.
Legacy Fee Cap for New Signatories of Registration Services Agreement (RSA). It was moved by John Curran, and seconded by Catherine Middleton; that:
“The ARIN Board of Trustees ends offering the Legacy Fee Cap for all new signatories of the LRSA after the date of 31 December 2023.”
The Motion carried unanimously with all in favor.
October Board Meeting. The COO asked the Board about meeting in October during the NANOG and ARIN 50 meeting in Hollywood, CA. The Board agreed to hold space from 2:00 – 6:00 PM PT on Wednesday, 19 October.
The Board broke for lunch at 12:55 pm PT.
10. Executive Session.
The Board entered an executive session at 1:15 pm ET.
A motion to adjourn was made at 2:05 pm PT by Nancy Carter and seconded by Tina Morris. The motion carried unanimously.