[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: Cooperation with the STRATEGY project
|
FYI – We have been contacted by the EU STRATEGY project about the possible inclusion of OpenC2 in some upcoming EU crisis management use cases. Below I have included their original email and my response. We are working with OAISIS on the
proper way to interact (note STRATEGY is interested in many OASIS TC’s) but I thought I would get this out to everyone so they would know about it. If any of you have any insight into STRATEGY, feel free to respond on list with any answers you have to the questions I asked below. I propose we begin discussing STRATEGY use cases in TC working meetings, particularly in conjunction with
the OCA PACE and EU JCOP use cases we were already planning to document and discuss. My strategy, pending TC approval, would be to focus first
where our scopes overlap and where we have work in progress. Once we have a handle on the easy stuff, we would continue to areas where our scopes overlap but we need stuff we don’t currently have (eg actuator profiles needed for their use cases that we have
not yet started). Only after we are successful with the in-scope use cases would we consider expanding our scope to meet a need they might have that is not within our current scope (but near enough that the TC would
consider expanding our scope). I propose we crawl and walk first and defer any scope expansion until we are much further along on. I mention this because STRATEGY looks to be a quite ambitious project and I don’t want to outrun our headlights when there is
plenty of in scope work to tackle first. I don’t want to bog down on scope creep discussions just yet. Scope change is a fairly well defined OASIS process – but I expect it will take lots of discussion that I don’t think would be the best use of our time just
yet. -- Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at http://vsre.info/ From:
duncan sfractal.com <duncan@sfractal.com> Pertti, Thank you very much for alerting us to your activities. We look forward to working with you as I believe OpenC2 has a role to play in STRATEGY. I read your attachment, visited your website, and watched your youtube video (https://youtu.be/r3W_Grm8iMU).
I find it a fascinating project and want to help it succeed. I do have some questions that I’m guessing our membership will have.
Do you happen to know if any of your participants are from OASIS member organizations? If they are, I believe it would facilitate communication if they joined the OpenC2 TC. I included some OASIS headquarters personnel on the cc since they
may be able to assist us in common membership as well as keep us honest in proper liaisoning. I also included Mike Rosa on the cc. Mike is running uncontested to by my OpenC2 TC cochair at our next meeting. And I suspect his day job coordinating national security
standards for the US government would also be interested in STRATEGY. I’m guessing that you, as T4.4 leader, are interacting with many other OASIS TC’s as well (eg. CTI, CACAO, CSAF, OCA, Emergency Management, …). Would you be willing to share what other groups you are communicating with to help us understand
the landscape? For example if you are considering using OpenC2 in CACAO playbooks as part of an OCA PACE use case as part of critical infrastructure protection, then we all wouldn’t all need to repeat info about the others. But if you were using a different
playbook standard that we weren’t aware of, then we would need to work that into our own use cases to understand how OpenC2 works in your scenarios. What are the rules/procedures for participating in STRATEGY? Can the OpenC2 TC itself “participate”? It’s possible some of our membership would be interesting in participating directly. Is it open to people outside the EU? Does it cost
money to participate? … Where can we find out more about the 8 streams mentioned in the video? I assume the “critical infrastructure protection” and the “command & control” streams are most relevant to OpenC2 use cases – but it’s possible we play a role in the
cyber aspects of all 8. Will any of your information be available to us prior to publication? All of the eventual documents on
https://strategy-project.eu/project-outcomes/ look like they would be very informative. Any drafts currently available would assist us in understanding how we could help you. The O in OASIS is for
Open so we are very used to ‘seeing the sausage being made’, but we recognize not all SDO’s operate ‘in the open’. How do we find out more about your scenarios and use cases? I can speculate on potential use cases where OpenC2 would play a role, but I could be mistaken. Would you want us to formulate our views of potential use cases and supply them
to you? Or would you rather ‘go first’ and supply then to us for comment? Will your use cases include coordination with organizations outside the EU? Do you see your work being adopted beyond the EU? I’m asking that both as TC cochair but also because personally I’m involved with some X.1060 CDC work with a pan-African
organization. The video mentions a focus on first responders. Do you have a definition of first responders? I am particularly interested how you define first responders in the context of cyber attacks, and/or the cyber aspects of non-cyber emergency.
For example, are CDCs, SOCs, CSIRTs, CERTs, … considered first responders to a cyberattack? We look forward to working with you. I’d be happy to set up a meeting to talk more if you would be willing. Thank you again for reaching out to us. -- Duncan Sparrell sFractal Consulting LLC iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at http://vsre.info/ From:
Pertti Woitsch <pertti@woitsch.com> Dear Convenor and Secretary of OASIS Open Command & Control TC, I m approaching you as a representative of the EU-funded project STRATEGY, which addresses the need for interoperable crisis management solutions within the European framework. STRATEGY has mapped
existing standards in the crisis management domain to identify gaps and opportunities for improvement. Based on this, we are currently in the process of will selecting new and existing crisis management standards to be tested across eight crisis management streams:
STRATEGY is developing a set of use cases for each stream, verified by first responders and standardisation bodies. Then, the use cases and suggested standardisation items will be tested in simulated
disaster scenarios with first responders and civil protection bodies, through eight Table-Top Exercises (TTXs) and one Full-Scale Exercise (FSX). The vision of STRATEGY is to materialise the results of the project primarily into CEN-CENELEC Workshop Agreements
(CWA), but also aiming at a few Technical Specifications and possibly even a European Standard, enhancing interoperability in the EU crisis management domain. More details on the STRATEGY project and potential new standardisation items can be found in the
attached brochure and at https://strategy-project.eu/. The project is coordinated by Satways Ltd (Greece), and the consortium includes five national standardization bodies (ASI, ASRO, SFS, SIS and UNE). The leaders of the above-mentioned STRATEGY streams together with the NSB representatives allocated to each stream will soon be personally in touch with you to discuss their respective topics further
with you. We very much look forward to receiving the comments, input and and ultimately also the support of the disaster management standardisation community. For any questions or comments, please do not hesitate to contact the undersigned. Best regards, Pertti Woitsch Task Leader, T4.4 “Consultations with standardization bodies” CEO, Woitsch Consulting Oy Willebrandintie 1 B 5 |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]