[KI-LC] Kantara support for CCSA

Joni Brennan joni at ieee-isto.org
Thu May 30 13:19:32 CDT 2013

Dear Patrick,

Thank you for raising this discussion and providing very good detail.  I
believe we have an appropriate Board and ARB sub-committee who could action
this well and perhaps help us to ensure attendance at the next event.  It
certainly sounds like a good opportunity to put the Kantara program and
surrounding organizational architecture to good use.

I will next take this to a small sub team which we, of course, invite you
to join to determine plan of action.

If others on the LC are very interested to participate in the action
sub-team please advise me directly.

Best Regards,
- Joni

On Thu, May 30, 2013 at 12:32 AM, Patrick Curry <
patrick.curry at clarionidentity.com> wrote:

> Dear all,
> For the last 2 days, I have facilitated another planning meeting hosted
> and supported by the EU, with participants from EU, NATO, UN and government
> & industry organisations from 22 nations. TMForum also participates.
>  Organisations from over 30 nations have asked to be involved and the
> number is growing.    The purpose was to take forward the Information
> Sharing Framework (ISF) for Collaborative Cyber Situational Awareness
> (CCSA), (whose origins came from MNE7 - a 15 nation collaborative project),
> and to form an organisational structure to enable implementation and
> operation, for which there is a Strawman document.  The draft ISF is
> attached.  If a new organisation is formed, its provisional name is MACCSA
> - Multinational Alliance for CCSA.
> The ISF defines a number of capabilities to enable information sharing for
> CCSA, including PKI federation at LoA 3+ and a cyber controls framework.
>  Four "standards" for cyber controls frameworks are on the table - SP800-53
> R4, SANS CAG4, Australian Top 35 mitigations and ETSI ISI.  They are all
> broadly similar, however they are not enough.  The UK MOD has developed the
> Cyber Defence Capability Assessment Tool (CDCAT) that they describe as a
> mashup of these standards with an ITIL structure, converted into a process
> that organisations can use.  The CDCAT activity is already involving to
> some major companies (users) and technology vendors.  There is interest
> from some nations and the EU to take forward CDCAT and SANS.
> The requirement for certification and assurance was discussed at the
> meeting and Kantara was raised by several participants as a possible way
> ahead.  Consequently, I ask the LC:
>    - To be aware and think about the unfolding situation
>    - To consider how Kantara might engage and how it would participate to
>    enable implementation of the ISF
>    - To consider attending the next meeting, which is due to be in
>    Brussels in the 2nd week of July.  The primary purpose of that meeting is
>    to establish a set of Founding Participants to form a new organisation or
>    enhance an existing organisation, who would then become the elected
>    Steering Group of the organisation, once formed.  Discussions will include
>    all the required C&A functions, so it would be good to have KI participate.
>     I realise that you may not want to travel to Brussels and you may want to
>    have a knowledgeable 'local' LC proxy instead.
> I think the ISF connects to many things that KI is already doing so this
> ought to be a good fit, but it will need to be expanded functionally and
> geographically.
> I welcome your feedback and would be happy to discuss further at the LC or
> in a strategy group.
> PS.  If any KI organisation is interested in becoming involved as an
> organisation, they are also welcome to contact me.
> yours sincerely,
> Patrick
> Patrick Curry
> Director
> Clarion Identity Ltd
> M:   +44 786 024 9074
> T:   +44 1980 620606
> patrick.curry at clarionidentity.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20130530/a799138e/attachment.html>

More information about the LC mailing list