OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Fwd: [staff-bizdev] FYI about Draft RFCs: ISAO SO Documents Posted for Comment

Hi Chet,

As we all know, it is difficult to stop funding
when the activity is ensuing entirely on the basis
of an Executive Order - even if it was perhaps not
well considered, and now essentially superseded.
It's worth noting Bob Dix's related blog posting
on this subject on the AFEA site.  Bob is well known
to those in the cyber security community over
many years.

Bob's observations are also relevant on the
larger international stage where some of us
are significantly engaged.  The European Union's
NIS Directive is in many ways similar to the U.S.
Cybersecurity Act, and most nations around the
world have cybersecurity threat sharing initiatives.

The continuance of a non-substantive isao.org
activity creates confusion and is not helpful to
reconciling common global cyber security
information sharing needs.  Conversely, OASIS'
TC CTI work is central to those needs - and is
what deserves enhanced focus and resources.

To put these admonitions into practice, attached
is a presentation made at the most recent ETSI
TC CYBER meeting that analyzes both the U.S.
Act and the EU NIS to extract the articulated
constructs, models, entities, interfaces, and
information exchange expressions.   The objective
is to facilitate convergence and the sharing of
scarce global resources as the rapporteur for
several related TC CYBER work items.


On 2016-05-06 8:38 AM, Chet Ensign wrote:
Hi Tony - that's a good question - two actually. 

I've copied Jamie. He may have a better feel for the interplay between the effects of the act and the ISAO. Since the DHS is continuing to fund the operation of the ISAO, I'm guessing it doesn't see it as superseded. 

As to substantive, I am no expert. That's why I thought the best course of action was to share it with all of you. To me, on skimming, these look more like statements of principles and requirements. But I didn't want to assume that the material isn't relevant. 


Attachment: CYBER(16)006022_Cyber_Threat_Sharing_Developments.pptx
Description: application/vnd.openxmlformats-officedocument.presentationml.presentation

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]