OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  RE: [cti] Re: [EXT] Re: [cti] RE: Suggested Additions to industry-sector-ov

    Posted 11-10-2017 14:52
    I like the look of this one from the UN

    https://en.wikipedia.org/wiki/International_Standard_Industrial_Classification

    -
    Jason Keirstead
    STSM, Product Architect, Security Intelligence, IBM Security Systems
    www.ibm.com/security

    Without data, all you are is just another person with an opinion - Unknown


  • 2.  Re: [cti] Re: [EXT] Re: [cti] RE: Suggested Additions to industry-sector-ov

    Posted 11-10-2017 21:41



    There are actually many lists and they all focus on different things and have different levels of granularity based on what it focuses on. Some focus on critical infrastructure and some focus on certain industry sectors more than others. There is no good list for all use cases.


    What we tried to do for 2.0 is take the top 15-20 lists we could find and find the commonality that existed between them and fill in the gaps that were missing in any one list. Making sure we normalized at the same level of abstraction for each area.


    The next thing we tried to do is minimize confusing overlap and take a minimal approach. So if two or three categories were overly similar and specific relative to the rest of the items in the list, we tried to find how other lists treated this and find a term higher up that could encompass both.


    The last thing we did was reword sub categories so that they would line up alphabetically.  


    We may need to add a few entries here and there, but we should try and keep the list short enough that people can actually find what they are looking for. And before we make any huge changes we need to remember that different groups have different requirements and that the list is an open vocab and the property is a list. So you can add more than one entry. You could pick an item from this higher level list and then add an extra entry for a specific entry from your sector specific detailed list.


    Through this work we found that many of the lists are a mile deep in one area and an inch deep everywhere else. This combined list that we have today tries to be a few feet deep everywhere.


    Bret 


    Sent from my Commodore 128D


    PGP
    Fingerprint:  63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE  7415 0050


    On Nov 10, 2017, at 10:51 PM, Jason Keirstead < Jason.Keirstead@ca.ibm.com > wrote:



    I like the look of this one from the UN

    https://en.wikipedia.org/wiki/International_Standard_Industrial_Classification


    -
    Jason Keirstead
    STSM, Product Architect, Security Intelligence, IBM Security Systems
    www.ibm.com/security

    Without data, all you are is just another person with an opinion - Unknown




    From:         "Masuoka, Ryusuke" < masuoka.ryusuke@jp.fujitsu.com >
    To:         'Jason Keirstead' < Jason.Keirstead@ca.ibm.com >
    Cc:         Allan Thomson < athomson@lookingglasscyber.com >, Bret Jordan < Bret_Jordan@symantec.com >,
    "' cti@lists.oasis-open.org '" < cti@lists.oasis-open.org >, "Thompson, Dean" < Dean.Thompson@anz.com >, "Taylor, Marlon" < Marlon.Taylor@hq.dhs.gov >,
    "'Werntz, Preston'" < Preston.Werntz@HQ.DHS.GOV >
    Date:         11/09/2017 10:58 PM
    Subject:         RE: [cti] Re: [EXT] Re: [cti] RE: Suggested Additions to industry-sector-ov
    Sent by:         < cti@lists.oasis-open.org >




    Do we plan to settle on a single set of industry categories?
    I am afraid that would be difficult as we witness several on the list
     
      Ref: https://en.wikipedia.org/wiki/Industry_classification
     
    There must be some reasons behind why there are several
    and each country would use one defined for its own country
    due to historical and regional reasons.
     
    As long as each category set is reasonably defined, we can
    translate them into another.
     
    Regards,
     
    Ryu
     
    From: Jason Keirstead [ mailto:Jason.Keirstead@ca.ibm.com ]

    Sent: Friday, November 10, 2017 11:16 AM
    To: Masuoka, Ryusuke/ ?? ?? < masuoka.ryusuke@jp.fujitsu.com >
    Cc: Allan Thomson < athomson@lookingglasscyber.com >; Bret Jordan < Bret_Jordan@symantec.com >; ' cti@lists.oasis-open.org '
    < cti@lists.oasis-open.org >; Thompson, Dean < Dean.Thompson@anz.com >; Taylor, Marlon < Marlon.Taylor@hq.dhs.gov >; 'Werntz, Preston'
    < Preston.Werntz@HQ.DHS.GOV >
    Subject: RE: [cti] Re: [EXT] Re: [cti] RE: Suggested Additions to industry-sector-ov
     
    Should we look to existing global standards for this instead of trying to invent our own vocab or pick one from a country (or somehow make an amalgam of countries) ?

    Ref: https://en.wikipedia.org/wiki/Industry_classification

    Many possible candidates there, most free to reference without having to pay ISO.

    -
    Jason Keirstead
    STSM, Product Architect, Security Intelligence, IBM Security Systems
    www.ibm.com/security

    Without data, all you are is just another person with an opinion - Unknown





    From:         "Masuoka, Ryusuke" < masuoka.ryusuke@jp.fujitsu.com >
    To:         "'Werntz, Preston'" < Preston.Werntz@HQ.DHS.GOV >, Allan Thomson < athomson@lookingglasscyber.com >,
    Bret Jordan < Bret_Jordan@symantec.com >, Jason Keirstead < Jason.Keirstead@ca.ibm.com >,
    "Thompson, Dean" < Dean.Thompson@anz.com >
    Cc:         "' cti@lists.oasis-open.org '" < cti@lists.oasis-open.org >,
    "Taylor, Marlon" < Marlon.Taylor@hq.dhs.gov >
    Date:         11/09/2017 08:41 PM
    Subject:         RE: [cti] Re: [EXT] Re: [cti] RE: Suggested Additions to industry-sector-ov







    Hi,

    I mentioned this during the F2F in Austin, but there are thirteen "official" critical infrastructures
    defined by NISC ( https://www.nisc.go.jp/ )
    in Japan

    - information and communication services
    - financial services
    - aviation services
    - railway services
    - electric power supply services
    - gas supply services
    - government and administrative services (including municipal government)
    - medical services
    - water services
    - logistics services
    - chemical industries
    - credit card services
    - petroleum industries

    See https://www.nisc.go.jp/eng/pdf/actionplan_ci_eng_v3.pdf
      https://www.nisc.go.jp/active/infra/outline.html

    Regards,

    Ryu

    P.S.
    I am not exactly sure why credit card services is separate from financial services…

    From: cti@lists.oasis-open.org [ mailto:cti@lists.oasis-open.org ]
    On Behalf Of Werntz, Preston
    Sent: Wednesday, November 8, 2017 3:00 AM
    To: Allan Thomson < athomson@lookingglasscyber.com >; Bret Jordan < Bret_Jordan@symantec.com >;
    Jason Keirstead < Jason.Keirstead@ca.ibm.com >; Thompson, Dean < Dean.Thompson@anz.com >
    Cc: ' cti@lists.oasis-open.org ' < cti@lists.oasis-open.org >; Taylor,
    Marlon < Marlon.Taylor@hq.dhs.gov >
    Subject: RE: [cti] Re: [EXT] Re: [cti] RE: Suggested Additions to industry-sector-ov

    Very good point Allan. I was coming at it from a DHS-centric view around the 16 critical infrastructures we track ( https://www.dhs.gov/critical-infrastructure-sectors ) but if there’s a way that’s not too burdensome to allow for other regions or countries to annotate it differently, that makes sense.


    Preston


    From: cti@lists.oasis-open.org [ mailto:cti@lists.oasis-open.org ]
    On Behalf Of Allan Thomson
    Sent: Tuesday, November 7, 2017 11:53 AM
    To: Bret Jordan < Bret_Jordan@symantec.com >; Jason Keirstead < Jason.Keirstead@ca.ibm.com >;
    Thompson, Dean < Dean.Thompson@anz.com >
    Cc: ' cti@lists.oasis-open.org ' < cti@lists.oasis-open.org >; Taylor,
    Marlon < Marlon.Taylor@hq.dhs.gov >
    Subject: Re: [cti] Re: [EXT] Re: [cti] RE: Suggested Additions to industry-sector-ov

    I think we need to recognize (as others have pointed out) that some of these sector definitions are region specific.

    So we might need to consider

    us_chemical_sector
    us_dams_sector
    Australia_energy_sector
    ……etc.

    If this introduces too many values in the ov then we should consider how to resolve the fact that there are differences across regions in these definitions.

    Allan


    From: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    on behalf of Bret Jordan < Bret_Jordan@symantec.com >
    Date: Tuesday, November 7, 2017 at 8:49 AM
    To: Jason Keirstead < Jason.Keirstead@ca.ibm.com >, "Thompson, Dean" < Dean.Thompson@anz.com >
    Cc: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >,
    "Taylor, Marlon" < Marlon.Taylor@hq.dhs.gov >
    Subject: [cti] Re: [EXT] Re: [cti] RE: Suggested Additions to industry-sector-ov

    I will also post these comments and feedback on the github issue tracker for this.

    One of the things we tried really hard to do is make sure that we were not overly verbose with categories. Basically try and bubble up to a higher level group.  However, we probably missed a few here and there.

    1) Chemical Sector - Is this a one off, or are there others we need to add?  If so, is there a higher level category that we can come up with that contains this??

    2) Commercial Facilities Sector - Can you give an example of what this would be?

    3) Dams Sector - I think this would be handled by the "Infrastructure", "Energy", or "Utilities" sector categories

    4) Nuclear Reactors, Materials, and Waste Sector - For the Nuclear Reactors I figured they would be part of "Infrastructure", "Energy", or "Utilities".  Is the Materials / Waste specific to Nuclear? If so I might suggest that we make the sector name just "Nuclear" and not put the various sub elements, because someone will just ask for one more sub element.


    5) Water and Wastewater Systems Sector - I figured these would go in to "government-public-services" but I guess Water could also go in to "Infrastructure" depending on how you viewed it.

    If we do decide to add any of these, we should really try to figure out if they are just sub categories of something else, if so, we should use our adopted standard of toplevelcategory-subcategory style.


    Bret






    From: cti@lists.oasis-open.org < cti@lists.oasis-open.org >
    on behalf of Jason Keirstead < Jason.Keirstead@ca.ibm.com >
    Sent: Tuesday, November 7, 2017 7:17:24 AM
    To: Thompson, Dean
    Cc: ' cti@lists.oasis-open.org '; 'Taylor, Marlon'
    Subject: [EXT] Re: [cti] RE: Suggested Additions to industry-sector-ov

    In North America they're usually owned and operated by power utilities.

    -
    Jason Keirstead
    STSM, Product Architect, Security Intelligence, IBM Security Systems
    www.ibm.com/security

    Without data, all you are is just another person with an opinion - Unknown





    From:         "Thompson, Dean" < Dean.Thompson@anz.com >
    To:         "'Taylor, Marlon'" < Marlon.Taylor@hq.dhs.gov >, "' cti@lists.oasis-open.org '"
    < cti@lists.oasis-open.org >
    Date:         11/07/2017 06:42 AM
    Subject:         [cti] RE: Suggested Additions to industry-sector-ov
    Sent by:         < cti@lists.oasis-open.org >









    Hi!,

    One quick one, but are “Dams” a subset of the “Water” sector?  I know in Australia we treat it like this.

    Regards,

    Dean

    From: cti@lists.oasis-open.org [ mailto:cti@lists.oasis-open.org ]
    On Behalf Of Taylor, Marlon
    Sent: Tuesday, 7 November 2017 5:36 AM
    To: cti@lists.oasis-open.org
    Subject: [cti] Suggested Additions to industry-sector-ov

    Hi TC,

    During the October F2F the omission of some specific critical infrastructure was discussed and it was suggested to open a github issue to add those items to the industry-sector-ov. This change adds support for sectors not previously included and does not have a negative impact on the existing sectors.

    GITHUB LINK: https://github.com/oasis-tcs/cti-stix2/issues/34

    Are there any objections to including the resolution of this item into 2.1?


    Marlon Taylor
    Technology Services Section
    National Cybersecurity & Communications Integration Center (NCCIC)
    U.S. Department of Homeland Security

    "This e-mail and any attachments to it (the "Communication") is, unless otherwise stated, confidential, may contain copyright material and is for the use only of the intended recipient. If you receive the Communication in error, please notify the sender immediately
    by return e-mail, delete the Communication and the return e-mail, and do not read, copy, retransmit or otherwise deal with it. Any views expressed in the Communication are those of the individual sender only, unless expressly stated to be those of Australia
    and New Zealand Banking Group Limited ABN 11 005 357 522, or any of its related entities including ANZ Bank New Zealand Limited (together "ANZ"). ANZ does not accept liability in connection with the integrity of or errors in the Communication, computer virus,
    data corruption, interference or delay arising from or in respect of the Communication."
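
The multi-entry approach described in the reply at the top of this post (one higher-level industry-sector-ov value plus a region-specific entry in the same `sectors` list), as an added Python example that is not part of the thread or of the STIX specification. The scheme prefixes `jp-nisc` and `us-dhs`, the translation table and all helper names are assumptions made for illustration; the ov values are the ones suggested in STIX 2.0.

```python
import re

# industry-sector-ov suggested values from the STIX 2.0 specification.
INDUSTRY_SECTOR_OV = frozenset("""
agriculture aerospace automotive communications construction defence education
energy entertainment financial-services government-national government-regional
government-local government-public-services healthcare hospitality-leisure
infrastructure insurance manufacturing mining non-profit pharmaceuticals retail
technology telecommunications transportation utilities
""".split())

# ASSUMPTION: illustrative translation of a few region-specific sector names
# mentioned in the thread to a higher-level ov value. Not agreed by the TC.
REGIONAL_TO_OV = {
    ("jp-nisc", "credit card services"): "financial-services",
    ("jp-nisc", "railway services"): "transportation",
    ("jp-nisc", "water services"): "utilities",
    ("us-dhs", "dams sector"): "utilities",
}


def slug(scheme, name):
    """Custom open-vocab value: lowercase, hyphen-separated, scheme-prefixed."""
    words = re.findall(r"[a-z0-9]+", f"{scheme} {name}".lower())
    return "-".join(words)


def annotate(scheme, regional_names):
    """Producer side: build a `sectors` list from region-specific names.

    Each name contributes its higher-level ov value (when a translation is
    known) followed by the detailed custom value, without duplicates.
    """
    sectors = []
    for name in regional_names:
        key = (scheme, name.strip().lower())
        for value in (REGIONAL_TO_OV.get(key), slug(scheme, name)):
            if value and value not in sectors:
                sectors.append(value)
    return sectors


def split_sectors(identity):
    """Consumer side: separate suggested ov values from custom ones."""
    standard, custom = [], []
    for value in identity.get("sectors", []):
        (standard if value in INDUSTRY_SECTOR_OV else custom).append(value)
    return standard, custom


def in_sector(identity, ov_value):
    """Sector filter that still works when custom values are not understood."""
    return ov_value in split_sectors(identity)[0]


# Constructed sample Identity (made-up id; only the fields used here).
SAMPLE_IDENTITY = {
    "type": "identity",
    "id": "identity--00000000-0000-4000-8000-000000000001",
    "name": "Example Card Processor",
    "identity_class": "organization",
    "sectors": annotate("jp-nisc", ["Credit card services", "Chemical industries"]),
}

if __name__ == "__main__":
    print(SAMPLE_IDENTITY["sectors"])
    print(split_sectors(SAMPLE_IDENTITY))
```

A name with no translation, such as the chemical sector the thread proposes adding, yields only its custom value, so a consumer can list the custom side of `split_sectors` to see which entries the shared vocabulary does not yet cover.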