We are still very much in the early adopter and initial hype phase for this technology. We have a lot of work ahead of us to get across the chasm, and the team really needs leaders at the TC level and the working groups level that can allocate enormous amounts of time and that represent a broad collection of the community.
If we want this effort to truly be successful, then individual organizations and entities that are trying to use it, need to be successful. Sometimes this means helping them to see and compute the ROI and long term benefits from using it and sometimes it means making the standard easier to use or do more things. We as a TC need to take the time to understand their pain points and then take that feedback and drive solutions within the standard.
In addition to my community and customer outreach and consulting in regard to STIX and TAXII, I have been investigating what other vendors are trying to do with it, and have started writing my own open source implementation (I am doing this to get a feel for what integrators are dealing with). These three efforts have give me a very interesting perspective on the issues people are facing and things we need to do to help make them successful.
Things I would love to see come out of our standards work within 18-24 months:
* at least 30 major vendors using STIX and TAXII in their main product lines
* at least 10 new startups become highly successful because of STIX and TAXII
* hundreds of apps on the various App Stores that can interact with STIX and TAXII data
* sharing outside of niche eco-systems that works with data-marking and handling restrictions
* at least 10 of the major OSI repos delivering their feeds via STIX and TAXII
* desperate products in the network communicating with each other over STIX and TAXII
* solutions to prevent repo poisoning and source verification of intel
* API support in more programming languages
* database examples and prototypes to aid rapid development and solutions by startups and open source developers
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
On Jun 12, 2015, at 07:58, Joep Gommers <joep@intelworks.com> wrote:<graycol.gif>I’ll sponsor a hut with wifi for Bret, maybe others can pitch in some bread, water, magazines and a plane ticket to Europe?
From: Terry MacDonald <terry.macdonald@threatloop.com>
Date: Friday, June 12, 2015 at 2:11 PM
To: Peter Allor <pallor@us.ibm.com>
Cc: Trey Darley <trey@soltra.com>, Aharon Chernin <achernin@soltra.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, Carol Geyer <carol.geyer@oasis-open.org>, Chet Ensign <chet.ensign@oasis-open.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Peter F Brown <peter@peterfbrown.com>, Richard Struse <Richard.Struse@hq.dhs.gov>, Robin Cover <robin@oasis-open.org>, Scott McGrath <scott.mcgrath@oasis-open.org>, Terry MacDonald <terry.macdonald@threatloop.com>, "tony@yaanatech.com" <tony@yaanatech.com>
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
Sounds like a description of Bret.....except 2 :).
Cheers
Terry MacDonald | STIX, TAXII, CybOX Consultant
Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.
On 12 June 2015 at 18:43, Peter Allor <pallor@us.ibm.com> wrote:
Trey,
I think you and I are really close.
Point:
0) YES
1) Yes
2) Preferred, not mandatory
3) ABSOLUTELY
Pete
(best for me to be 'Pete' and Peter Brown to be "Peter")
<graycol.gif>Trey Darley ---06/12/2015 04:35:30 AM---Hey, Pete - Note that I specified "an academic-cum-actual security researcher with dirt under their
From: Trey Darley <trey@soltra.com>
To: Peter Allor/Atlanta/IBM@IBMUS, Peter F Brown <peter@peterfbrown.com>
Cc: Aharon Chernin <achernin@soltra.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, Carol Geyer <carol.geyer@oasis-open.org>, "Chet Ensign" <chet.ensign@oasis-open.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Richard Struse <Richard.Struse@hq.dhs.gov>, "Robin Cover" <robin@oasis-open.org>, Scott McGrath <scott.mcgrath@oasis-open.org>, Terry MacDonald <terry.macdonald@threatloop.com>, "tony@yaanatech.com" <tony@yaanatech.com>
Date: 06/12/2015 04:35 AM
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
Hey, Pete -
Note that I specified "an academic-cum-actual security researcher with dirt under their fingernails", not merely an academic. Nor am I against a private-sector co-chair, but "preferably _not_ a vendor".
The point is, if we agree on the need for a co-chair, here are the essential qualifications:
0) someone practical
1) someone neutral
2) someone non-US
3) someone that isn't going to drive Rich crazy (ie, compatible personalities == enhanced collaboration)
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Peter Allor <pallor@us.ibm.com>
Sent: Thursday, June 11, 2015 18:01
To: Peter F Brown
Cc: Aharon Chernin; Jordan, Bret; Carol Geyer; Chet Ensign; cti@lists.oasis-open.org; Richard Struse; Robin Cover; Scott McGrath; Terry MacDonald; tony@yaanatech.com; Trey Darley
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
As a data point, in discussing adoption of STIX/TAXII with National Government CSIRTs and other large corporate international organizations, a US/DHS only way forward, has / is an inhibitor to formally using STIX/TAXII in the recent past.
I am aware of some USG elements liking that we demonstrate a broad representation.
So, I endorse and support Rich, both for his leadership and technical passion as well as vision for this effort. And will bow to what the group decides.
But would heavily suggest that we have someone else assist Rich in his chair duties as his co-chair. This is more about perception and adoption than about substance/content. And no, I am not soliciting an academic. We really need and want 'industry' (across the board) to use this.
Pete
Peter F Brown ---06/11/2015 11:25:01 AM---+1 The significance only means something if we *make* it mean something.
From: Peter F Brown <peter@peterfbrown.com>
To: "tony@yaanatech.com" <tony@yaanatech.com>, Trey Darley <trey@soltra.com>, Peter Allor/Atlanta/IBM@IBMUS
Cc: Chet Ensign <chet.ensign@oasis-open.org>, Aharon Chernin <achernin@soltra.com>, Terry MacDonald <terry.macdonald@threatloop.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Richard Struse <Richard.Struse@hq.dhs.gov>, "Scott McGrath" <scott.mcgrath@oasis-open.org>, Robin Cover <robin@oasis-open.org>, Carol Geyer <carol.geyer@oasis-open.org>
Date: 06/11/2015 11:25 AM
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
+1
The significance only means something if we *make* it mean something.
I understand that there might be concern about an OASIS TC being seen just to do DHS’s bidding. However, expanding on what Tony rightly says, there are many TCs where there are initial worries that one party (public, private, research, not-for-profit) is set to run the show – but the nature of the open process, transparency, and engagement from all sides will do more to “disappear” that myth than any “fix”.
This is not an argument against co-chair(s) per se: just that, if we need such a role, it will become apparent quickly enough.
All the best,
Peter
From: Tony Rutkowski [mailto:tony@yaanatech.com]
Sent: 11 June, 2015 08:11
To: Trey Darley; Peter Allor; Peter F Brown
Cc: Chet Ensign; Aharon Chernin; Terry MacDonald; Jordan, Bret; cti@lists.oasis-open.org; Richard Struse; Scott McGrath; Robin Cover; Carol Geyer
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
The world of international technical committees in
this sector contains numerous examples of chairs
from government agencies. Furthermore, Rich
is rather more than an agency representative in
this context. From both a substantive perspective
as well as effective leadership and "messaging,"
his chair position is important.
As someone who leads the ETSI equivalent activity,
(and formerly led the equivalent in ITU-T) Rich's
chair position probably enhances the global
assimilation of the CTI suite.
--tony
On 2015-06-11 10:45 AM, Trey Darley wrote:<snip>
However, I suggest the following, especially for us 'Americans' to consider. We need to have another individual as a co-chair. Simply put, to not be something that OASIS is adopting only for the US Department of Homeland Security (DHS).
</snip>
--
________________________________
Anthony Michael Rutkowski
EVP, Industry Standards & Regulatory Affairs
tony@yaanatech.com
+1 703 999 8270
________________________________
Yaana Technologies LLC
542 Gibraltar Drive
Milpitas CA 95035 USA