update on CTI specs meeting the EU NIS Directive

[Tony Rutkowski <tony@yaanatech.com>]

Rich et al,

The EU NIS Directive - which is the principal
organic law across EU Members - was published
late last month.  It defines how cyber threat
information sharing is implemented across Europe.

At last week's ETSI TC CYBER plenary meeting,
the technical report on threat information sharing
which underscores the importance of the CTI platforms
for meeting the NIS Directive obligations, was approved
and will shortly be published.

At the same meeting, a new work item explicitly focussed
on the standards for implementing the NISD obligations
was initiated.  It was supported by the European Commission
representative present.  This is *really* important to position
the CTI specs as the fundamental mechanisms for cyber threat
sharing in Europe.  The existence of a formal MoU between
ETSI and OASIS (and explicitly between TC CYBER and TC CTI)
facilitates recognition for this purpose.

All of those going to meetings offshore - especially in Europe -
should be aware of these legal/regulatory basics and help
support the effort here.

best,
tony