Very useful. However you have simply confirmed:
1) that the USG at this point doesn't have a clue
2) the solution being pursued is purely domestic
This particular need is one that has been discussed
internationally for several years, and is explicitly
before ETSI TC CYBER. To quote the famous
title of the funky Mike Rowe CNN program -
Somebody has to do it. And as the designated
rapporteur in ETSI for finding an answer, saying
that DHS is thinking about the answer is not
going to be satisfactory outside the U.S.
This is a classic distributed registry requirement
that has existed in the context of countless platforms
over the years. The best known one in the IETF is
the Enterprise ID - which was originally done for
directory/MIB purposes and is itself an implementation
of a portion of the OID registry. See
Certification is another matter and vastly more complex.
However, simply establishing a registry for discover is
trivially simple. But...somebody has to do it. And, the
solution needs to be global, open, network based, and
simple with low overhead.
This will definitely be on the table at the upcoming
TC CYBER meeting in three weeks.
On 2015-06-02 11:01 PM, Peter Allor wrote:
For the RFP, see attached below.
For the RFC:
DEPARTMENT OF HOMELAND
[Docket No. DHS–2015–0017]
Notice of Request for Public Comment
Regarding Information Sharing and
AGENCY: Office of Cybersecurity and
Communications, National Protection
and Programs Directorate, Department
of Homeland Security.
ACTION: Request for Public Comment.
SUMMARY: This Notice announces a
public comment period to allow input
from the public on the formation of
Information Sharing and Analysis
Organizations (ISAOs) for cybersecurity
information sharing, as directed by
Executive Order 13691. DHS is
soliciting public comments and
questions from all citizens and
organizations related to the provisions
of E.O. 13691 ‘‘Promoting Private Sector
Cybersecurity Information Sharing’’ of
February 13, 2015. The purpose of this
request for comment is to gather public
input and considerations related to
DHS’ public engagements and
implementation of E.O. 13691 including
the selection of a ‘‘standards
organizations’’ and approved activities
of the selected standards organization.
DATES: The comment period will be
held until July 10, 2015. See
SUPPLEMENTARY INFORMATION section for
the address to submit written or
Specific Comments Sought
Individuals and organizations
providing comment to this DHS request
are requested to address the following
questions during this open comment
period. However, all comments related
to E.O. 13691 will be accepted. As such,
submitted comments are not required to
address the following five questions to
receive due consideration by the
Government. At the conclusion of this
comment period a DHS will compile
and address these comments to the
extent practicable in a document which
will be made broadly available and may
result in further dialog via this forum or
1. Describe the overarching goal and
value proposition of Information
Sharing and Analysis Organizations
(ISAOs) for your organization.
2. Identify and describe any
information protection policies that
should be implemented by ISAOs to
ensure that they maintain the trust of
3. Describe any capabilities that
should be demonstrated by ISAOs,
including capabilities related to
receiving, analyzing, storing, and
4. Describe any potential attributes of
ISAOs that will constrain their
capability to best serve the information
sharing requirements of member
5. Identify and comment on proven
methods and models that can be
emulated to assist in promoting
formation of ISAOs and how the ISAO
‘‘standards’’ body called for by E.O.
13691 can leverage such methods and
models in developing its guidance.
6. How can the U.S. government best
foster and encourage the organic
development of ISAOs, and what should
the U.S. government avoid when
interacting with or supporting ISAOs?
7. Identify potential conflicts with
existing laws, authorities that may
inhibit organizations from participating
in ISAOS and describe potential
remedies to these conflicts.
8. Please identify other potential
challenges and issues that you believe
may affect the development and
maturation of effective ISAOs.