[KI-LC] Kantara support for CCSA
joni at ieee-isto.org
Thu May 30 13:19:32 CDT 2013
Thank you for raising this discussion and providing very good detail. I
believe we have an appropriate Board and ARB sub-committee who could action
this well and perhaps help us to ensure attendance at the next event. It
certainly sounds like a good opportunity to put the Kantara program and
surrounding organizational architecture to good use.
I will next take this to a small sub team which we, of course, invite you
to join to determine plan of action.
If others on the LC are very interested to participate in the action
sub-team please advise me directly.
On Thu, May 30, 2013 at 12:32 AM, Patrick Curry <
patrick.curry at clarionidentity.com> wrote:
> Dear all,
> For the last 2 days, I have facilitated another planning meeting hosted
> and supported by the EU, with participants from EU, NATO, UN and government
> & industry organisations from 22 nations. TMForum also participates.
> Organisations from over 30 nations have asked to be involved and the
> number is growing. The purpose was to take forward the Information
> Sharing Framework (ISF) for Collaborative Cyber Situational Awareness
> (CCSA), (whose origins came from MNE7 - a 15 nation collaborative project),
> and to form an organisational structure to enable implementation and
> operation, for which there is a Strawman document. The draft ISF is
> attached. If a new organisation is formed, its provisional name is MACCSA
> - Multinational Alliance for CCSA.
> The ISF defines a number of capabilities to enable information sharing for
> CCSA, including PKI federation at LoA 3+ and a cyber controls framework.
> Four "standards" for cyber controls frameworks are on the table - SP800-53
> R4, SANS CAG4, Australian Top 35 mitigations and ETSI ISI. They are all
> broadly similar, however they are not enough. The UK MOD has developed the
> Cyber Defence Capability Assessment Tool (CDCAT) that they describe as a
> mashup of these standards with an ITIL structure, converted into a process
> that organisations can use. The CDCAT activity is already involving to
> some major companies (users) and technology vendors. There is interest
> from some nations and the EU to take forward CDCAT and SANS.
> The requirement for certification and assurance was discussed at the
> meeting and Kantara was raised by several participants as a possible way
> ahead. Consequently, I ask the LC:
> - To be aware and think about the unfolding situation
> - To consider how Kantara might engage and how it would participate to
> enable implementation of the ISF
> - To consider attending the next meeting, which is due to be in
> Brussels in the 2nd week of July. The primary purpose of that meeting is
> to establish a set of Founding Participants to form a new organisation or
> enhance an existing organisation, who would then become the elected
> Steering Group of the organisation, once formed. Discussions will include
> all the required C&A functions, so it would be good to have KI participate.
> I realise that you may not want to travel to Brussels and you may want to
> have a knowledgeable 'local' LC proxy instead.
> I think the ISF connects to many things that KI is already doing so this
> ought to be a good fit, but it will need to be expanded functionally and
> I welcome your feedback and would be happy to discuss further at the LC or
> in a strategy group.
> PS. If any KI organisation is interested in becoming involved as an
> organisation, they are also welcome to contact me.
> yours sincerely,
> Patrick Curry
> Clarion Identity Ltd
> M: +44 786 024 9074
> T: +44 1980 620606
> patrick.curry at clarionidentity.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the LC