Subject: Request to form Liaison with ISO/IEC JTC 1/SC 27/WG 1
OASIS EM Adoption TC Members,

On Thursday 30 Apr, I was able to speak directly with Charles Provencher to discuss this request from his Working Group 1 (within SC 27 of the ISO/IEC JTC1). Abbie Barbir from Nortel had forwarded the attached documents to my attention.

After speaking with Charles Provencher, I believe that it makes sense for the OASIS Emergency Management Adoption TC to request Category C Liaison with SC 27. The purpose of the liaison with the EM Adoption TC would be to facilitate information exchange as to the need which the SC 27 / WG 1 has to develop a profile of the CAP (and possibly EDXL-DE) for use in exchanging IT Security Information for Inter-Sector communications about critical infrastructures.

OASIS has facilitated such liaisons with other ISO and ISO/IEC JTC1 groups. As Charles Provencher indicated in his email, the SC 27 working groups are meeting next week in China to further discuss this plan. It would facilitate this activity if they were to receive acknowledgement from our new TC that we wish to pursue the establishment of the Category C liaison.

Therefore, I will bring a motion before the TC today that we agree to request OASIS Staff support in establishing a Category C Liaison with SC 27.

Please see this relevant section of the OASIS Liaison Policy for guidance on this process.
http://www.oasis-open.org/committees/liaison_policy.php#liaisons

Such liaison will require that at least one person be a member of both groups. If we have an existing member who wishes to pursue membership through their country's Head-of-Delegation, that would work. Otherwise, we can ask someone already on the SC27 / WG1 to become an OASIS Member and participate in the EM Adoption TC.

Any comments?

Best regards,

Patrick Gannon
President & COO
Warning Systems, Inc.
+1 256 880 8702 x104 (office)
+1 256 468 4055 (mobile)
+1 978 458 7478 (home-office)

-----Original Message-----
From: Charles Provencher [mailto:cprovencher@provencher.net]
Sent: Monday, April 27, 2009 12:54 PM
To: Patrick Gannon; bpoletti@deloitte.lu
Cc: abbieb@nortel.com; THOMAS FERRENTINO; Krystyna Passia
Subject: Re: ISO/IEC JTC 1/SC 27/WG 1 N17607

Good day all,

Note I'm speaking for Benoit and myself, co-editors

SC27 has launched a project/standard numbered ISO/IEC 27010, currently named "Information Security Management for Inter-Sector Communications"; the name is to be reviewed in Beijing next week, to be more contextual to what it addresses, 1) which is communications for organizations working in sectors of critical infrastructure, and 2) formal communication of "IT security information" between authenticated organizations.

The base concept is similar to what FIRST is doing for its members, but we would be going farther in the communications side, while not offering a central coordination such as FIRST. Organizations would communicate securely and effectively using an advanced template (ex: OASIS CAP), but it's up to them or their governments as to how agreements are established, for example in Canada, it would probably be the Department of Public Safety Canada, but in the energy sector, NERC could/would play a central role for the electrical grid.

This standard once published should be a formal communications channel between organizations within a given sector (ex. energy, telecom, financial, etc (we have 10 sectors identified, based on the Canadian model)), either in one country or spanning many countries. It should also do the same for communications between different sectors in a country or many countries. At the point where many sectors in a country communicate we've found that the government of that country is involved and governments play a proxy role among themselves to cover for example a continent.
Currently a major concern is SCADA that covers many "critical infrastructure" sectors over many countries.

Another issue we're seeing is the way governments do not like that organizations like ISO or ITU may provide direction in establishing "work help" methods in facilitating communication when it comes to critical infrastructure. (I am being honest as to set a straight picture!). To some countries, critical infrastructure is the government's jurisdiction, without outside influence.

Where the OASIS CAP is of importance to us is in the use of a mature communications protocol to communicate "IT security" information to authenticated organizations, similar to Annex A (DHS Warning). What we were considering was possibly adding an "IT Security Profile", given what the various contents would be, such classification or description or proposed solutions or... Such content type would be decided as we move along in the evolution of the standard with the contributions of various participants such as OASIS or FIRST or Govts or... We would obviously ask OASIS to approve what we wanted to do.

So we were going to ask that you liaise with SC27, specifically with WG1 (Management Working Group) to contribute to this project; it's just that we needed some consensus from the members working on this project/standard at the Beijing meeting.

As a member of the Canadian SC27 pointed out, Canada would be very partial for 27010 to adopt OASIS CAP V1.1 or a specific version (with IT Security Profile), as Canada recognizes this protocol for alerts and warnings.

Should you want to express an interest in seeking a "Category C" Liaison with SC27 while we are sitting in Beijing, meeting 4-8 May and plenary 11-12 May, you are more than welcome to do so, and in fact it would help us if it were sooner than later. This can easily be done by sending a Cat C liaison request to our Secretariat (Krystyna Passia, email below), the sooner the better.
I trust this is a good base explanation and I look forward to any comments or questions you may have.

Best regards,

Charles Provencher
Co-Editor 27010; HoD for Canada to SC27

Charles Provencher, Montreal, Canada.
cprovencher@provencher.net / cpprovencher@yahoo.com

----- Original Message ----
From: Patrick Gannon <pgannon@warningsystems.com>
To: bpoletti@deloitte.lu; cprovencher@provencher.net
Cc: abbieb@nortel.com; THOMAS FERRENTINO <tferrentino@verizon.net>
Sent: Monday, April 27, 2009 9:59:26 AM
Subject: FW: ISO/IEC JTC 1/SC 27/WG 1 N17607

Dear Benoit Poletti and Charles Provencher,

Members of the OASIS Emergency Management Adoption TC were recently made aware of the work of the ISO/IEC JTC1 SC27 WG1 related to the above referenced adoption proposal of the Common Alerting Protocol (CAP) OASIS Standard.

Would you be so kind as to provide us with information on the goals of WG1 with respect to CAP? Then we can aid in establishing any needed liaisons between the respective organizations.

Best regards,

Patrick Gannon
President & COO
Warning Systems, Inc.
+1 256 880 8702 x104 (office)
+1 256 468 4055 (mobile)
+1 978 458 7478 (home-office)
N7607_Proposed_outline_27010-2_V1_3_20090413.pdf