(Note that I make the following assertions as a neophyte in well established ISO processes and understand many of you are well aware of what's required for success. I welcome any guidance on ISO/OASIS processes and critical thinking on the suggestions submitted below for consideration)
Strategic Objectives
The OASIS CTI TC needs many diverse sets of skills, at many levels, to move our collaborative technical, organizational, and stakeholder engagement agendas forward. Identifying and removing impediments to adoption is as important as the technical aspects of this initiative.
Our success and agility will rely on engaging as many talented people as we can in each of these key domains and skill sets. The process of recruitment and selection of Chairs, Co-Chairs of the TC, SCs, and Team leads for any Working Groups should include a specific long term strategy for defining the scope, internal/external focus, and primary objectives for each of these key roles. It should also identify any gaps in key Stakeholder Communities required for success and target outreach and engagement (in terms of OASIS CTI TC leadership roles, participating members, external partnerships, or as liaison to other standards based initiatives).
Tactical Objectives
If we agree with the proposition that our first tactical priority is establishing the teams to engage and complete the technical efforts required to transform the existing body of work into formal OASIS Standards, then suggest that we focus on this objective now.
As currently defined in the CTI TC Charter, a majority of these technical tasks will fall under each of the three OASIS CTI TC SCs (with overall coordination though the CTI TC). Therefore, would suggest that recruitment, nomination, and selection of these SC Chairs should be started ASAP so we can get these Teams organized and started on execution of tasks required to meet known near-term objectives. I don't know if anything prevents us from engaging in these deliberations now given the Charter was ratified(?).
By definition these teams will be initially composed of the SMEs from MITRE and the community members who have been actively engaged to bring CTI where it is today. Integrating people knowledgable in the OASIS processes required to provide normative specifications and the requirements for any related deliverables is equally important to success as is the overall leadership required to coordinate activities and empower these teams. We have key people already in leadership roles for each of the areas and their nomination to continue in these existing roles at least through the initial transition period would seem to be an effective strategy to help ensure continuity and momentum.
In parallel to these "internal" efforts to bring the CTI specifications to an OASIS baseline, we can then focus on the strategic objectives (internally and externally facing) as outlined above and look to ensuring diversity and representation as we enter the next phase of moving the OASIS CTI v1 baseline Standards forward.
In summary:
If not a violation of OASIS process, propose that we:
1) Engage now in discourse on nominations for each of the OASIS CTI TC Sub-Committee Chair/Co-Chairs as currently defined in the OASIS CTI TC Charter.
2) Add OASIS CTI TC Sub-Committess Chair/Co-Chair deliberation and Election(s) to the agenda of the initial OASIS CTI TC establishment meeting and CTI TC Chair/Co-Chair deliberations and Election(s).
Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
pmaroney@specere.org
Sent: Thursday, June 11, 2015 12:01:28 PM
To: Peter F Brown
Cc: Aharon Chernin; Jordan, Bret; Carol Geyer; Chet Ensign; cti@lists.oasis-open.org; Richard Struse; Robin Cover; Scott McGrath; Terry MacDonald; tony@yaanatech.com; Trey Darley
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
As a data point, in discussing adoption of STIX/TAXII with National Government CSIRTs and other large corporate international organizations, a US/DHS only way forward, has / is an inhibitor to formally using STIX/TAXII in
the recent past.
I am aware of some USG elements liking that we demonstrate a broad representation.
So, I endorse and support Rich, both for his leadership and technical passion as well as vision for this effort. And will bow to what the group decides.
But would heavily suggest that we have someone else assist Rich in his chair duties as his co-chair. This is more about perception and adoption than about substance/content. And no, I am not soliciting an academic. We
really need and want 'industry' (across the board) to use this.
Pete
Peter
F Brown ---06/11/2015 11:25:01 AM---+1 The significance only means something if we *make* it mean something.
From: Peter F Brown <peter@peterfbrown.com>
To: "tony@yaanatech.com" <tony@yaanatech.com>, Trey Darley <trey@soltra.com>, Peter Allor/Atlanta/IBM@IBMUS
Cc: Chet Ensign <chet.ensign@oasis-open.org>, Aharon Chernin <achernin@soltra.com>, Terry MacDonald <terry.macdonald@threatloop.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>,
"cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Richard Struse <Richard.Struse@hq.dhs.gov>, "Scott McGrath" <scott.mcgrath@oasis-open.org>, Robin Cover <robin@oasis-open.org>, Carol Geyer <carol.geyer@oasis-open.org>
Date: 06/11/2015 11:25 AM
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
+1
The significance only means something if we *make* it mean something.
I understand that there might be concern about an OASIS TC being seen just to do DHS’s bidding. However, expanding on what Tony rightly says, there are many TCs where there are initial worries that one party (public, private, research, not-for-profit) is set to run the show – but the nature of the open process, transparency, and engagement from all sides will do more to “disappear” that myth than any “fix”.
This is not an argument against co-chair(s) per se: just that, if we need such a role, it will become apparent quickly enough.
All the best,
Peter
From: Tony Rutkowski [mailto:tony@yaanatech.com]
Sent: 11 June, 2015 08:11
To: Trey Darley; Peter Allor; Peter F Brown
Cc: Chet Ensign; Aharon Chernin; Terry MacDonald; Jordan, Bret; cti@lists.oasis-open.org; Richard Struse; Scott McGrath; Robin Cover; Carol Geyer
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
The world of international technical committees in
this sector contains numerous examples of chairs
from government agencies. Furthermore, Rich
is rather more than an agency representative in
this context. From both a substantive perspective
as well as effective leadership and "messaging,"
his chair position is important.
As someone who leads the ETSI equivalent activity,
(and formerly led the equivalent in ITU-T) Rich's
chair position probably enhances the global
assimilation of the CTI suite.
--tony
On 2015-06-11 10:45 AM, Trey Darley wrote:
-
<snip>
However, I suggest the following, especially for us 'Americans' to consider. We need to have another individual as a co-chair. Simply put, to not be something that OASIS is adopting only for the US Department of Homeland Security (DHS).
</snip>
--
________________________________
Anthony Michael Rutkowski
EVP, Industry Standards & Regulatory Affairs
________________________________
Yaana Technologies LLC
542 Gibraltar Drive
Milpitas CA 95035 USA