Good discussions regarding leadership, very healthy.
A couple of points regarding OASIS processes and transparency.
There is one set of rules for all TCs,
posted online on the OASIS website, and I’d draw attention particularly to the IPR Policy and TC Process. “Chatham House” rules don’t apply. Every person is responsible for what they say and bring
to the table; no exceptions.
Also, be careful with those automated signature lines at bottom of messages with confidentiality or other disclaimers. ALL mail sent to any OASIS TC list is publicly
accessible and archived; again, no exceptions.
I’m not a lawyer but everyone needs to be aware of the (excellent) processes within which OASIS work proceeds.
All the best,
Peter F Brown
”Using Information Technologies to Empower and Transform”
200 S Barrington Ave., #49719
CA 90049, USA
From: Doug DePeppe [mailto:email@example.com]
Sent: 12 June, 2015 09:49
To: 'Salwen, Jonathan E.'; 'Joep Gommers'; 'Peter Allor'
Cc: Peter F Brown; 'Aharon Chernin'; 'Jordan, Bret'; 'Carol Geyer'; 'Chet Ensign'; firstname.lastname@example.org; 'Richard Struse'; 'Robin Cover'; 'Scott McGrath'; 'Terry MacDonald'; email@example.com; 'Trey Darley'
Subject: RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
Late to this discussion (and recent member addition), but I endorse Pete’s views. Perceptions about alliances and agendas would be counter-productive. I agree
there’s a need for a private sector co-leader, as well as global leadership representation.
Governance and Chatham House-type rules would help, as transparency really matters. But additionally, ‘who’ is equally important to ‘how’ in building trust.
And, sometimes the Who can either be someone who’s established a reputation for trustworthiness and fair dealing, and/or someone who is not perceived as threatening because he/she is not affiliated with a large, multinational corporation.
My 2 cents. Looking forward to contributing and getting to know everyone.
Douglas M. DePeppe | Cyberlaw Attorney | LLM, JD
EosEdge Legal | A Cyberlaw and Services Firm
Cyberlaw at Catalyst Campus | 559 E. Pikes Peak Ave. Suite 101
Colorado Springs, CO 80903
Direct 719.357.8025 | c 703.283.2349
Skype ID: doug.depeppe | www.eosedgelegal.com
My Homepage www.cyberjurist.net
This electronic mail transmission and any attachments contain information belonging to the sender which may be confidential and legally privileged. This information
is intended only for the use of the individual or entity to whom this electronic mail transmission was sent as indicated above. If you are not the intended recipient, any disclosure, copy, distribution, or action taken in reliance on the contents of the information
contained in this transmission is strictly prohibited. If you have received this transmission in error, please immediately inform me by email and delete the message. Thank you.
+1 for Rich on Chair for 1 year term.
The MITRE Corp.
202 Burlington Rd
Bedford MA 01730
+1 for Rich on chair. We could def use industry as co-chair minimally. Although the work so far has been fantastic, it does often lack some real world application to market (which is different as real world implementation,
which also needs attention). Having European involvement for example chairing subgroups would help keep it alive and kicking. Even though we're basically road showing around Europe on behalf of STIX and TAXII, the implementors out here are pushing back hard
due to implementation complexity. Having extra goodwill out here will make allot of difference.
Lastly we need a chair or cochair with significant time investment, Bret has shown he can invest this time and I like the no nonesence and lets go attitude. +1 there
As a data point, in discussing adoption of STIX/TAXII with National Government CSIRTs and other large corporate international organizations, a US/DHS only way forward,
has / is an inhibitor to formally using STIX/TAXII in the recent past.
I am aware of some USG elements liking that we demonstrate a broad representation.
So, I endorse and support Rich, both for his leadership and technical passion as well as vision for this effort. And will bow to what the group decides.
But would heavily suggest that we have someone else assist Rich in his chair duties as his co-chair. This is more about perception and adoption than about substance/content. And no, I am not
soliciting an academic. We really need and want 'industry' (across the board) to use this.
<graycol.gif>Peter F Brown ---06/11/2015 11:25:01 AM---+1 The significance only means something if we *make* it mean something.
Peter F Brown <firstname.lastname@example.org>
"email@example.com" <firstname.lastname@example.org>, Trey Darley <email@example.com>, Peter
Chet Ensign <firstname.lastname@example.org>, Aharon Chernin <email@example.com>, Terry MacDonald <firstname.lastname@example.org>,
"Jordan, Bret" <email@example.com>, "firstname.lastname@example.org" <email@example.com>, Richard Struse <Richard.Struse@hq.dhs.gov>,
"Scott McGrath" <firstname.lastname@example.org>, Robin Cover <email@example.com>, Carol Geyer <firstname.lastname@example.org>
06/11/2015 11:25 AM
RE: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
The significance only means something if we *make* it mean something.
I understand that there might be concern about an OASIS TC being seen just to do DHS’s bidding. However, expanding on what Tony rightly says, there are many TCs where there are initial
worries that one party (public, private, research, not-for-profit) is set to run the show – but the nature of the open process, transparency, and engagement from all sides will do more to “disappear” that myth than any “fix”.
This is not an argument against co-chair(s) per se: just that, if we need such a role, it will become apparent quickly enough.
All the best,
From: Tony Rutkowski [mailto:email@example.com]
Sent: 11 June, 2015 08:11
To: Trey Darley; Peter Allor; Peter F Brown
Cc: Chet Ensign; Aharon Chernin; Terry MacDonald; Jordan, Bret;
firstname.lastname@example.org; Richard Struse; Scott McGrath; Robin Cover; Carol Geyer
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC,
The world of international technical committees in
this sector contains numerous examples of chairs
from government agencies. Furthermore, Rich
is rather more than an agency representative in
this context. From both a substantive perspective
as well as effective leadership and "messaging,"
his chair position is important.
As someone who leads the ETSI equivalent activity,
(and formerly led the equivalent in ITU-T) Rich's
chair position probably enhances the global
assimilation of the CTI suite.
On 2015-06-11 10:45 AM, Trey Darley wrote:
However, I suggest the following, especially for us 'Americans' to consider. We need to have another individual as a co-chair. Simply put, to not be something that OASIS is adopting only for the US Department of Homeland
Anthony Michael Rutkowski
EVP, Industry Standards & Regulatory Affairs
+1 703 999 8270
Yaana Technologies LLC
542 Gibraltar Drive
Milpitas CA 95035 USA