OASIS Cyber Threat Intelligence (CTI) TC


Re: [cti] Submission of STIX/TAXII to ITU-T? Plan for reply

    Posted 12-13-2018 18:39

    Tony, I understand and value the goal of expanding to other sectors.

    My point is: do that with V2, not V1.

    Most companies doing CTI are global companies, including my own.

    Supporting two versions of a standard is costly, time-consuming and error-prone, and ultimately the downstream consumer of CTI is the one that is impacted by having multiple standards.

    ITU-T should focus on helping STIX/TAXII v2 expand its reach if they want to help. And that is my advice to OASIS.
     

    Allan Thomson
    CTO ( +1-408-331-6646)
    LookingGlass Cyber Solutions

     

    From: Tony Rutkowski <tony@yaana.com>
    Date: Thursday, December 13, 2018 at 10:34 AM
    To: Allan Thomson <athomson@lookingglasscyber.com>, "Kelley, Sarah E." <skelley@mitre.org>, "jamie.clark@oasis-open.org" <jamie.clark@oasis-open.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "Struse, Richard J." <rjs@mitre.org>, "trey.darley@cert.be" <trey.darley@cert.be>
    Cc: Chet Ensign <chet.ensign@oasis-open.org>
    Subject: Re: [cti] Submission of STIX/TAXII to ITU-T? Plan for reply


     


    Hi Allan,

    Perhaps some background is useful.  OASIS has had a working relationship for years with other standards bodies who assist in the global marketing and evangelization of its specification platforms to different user bases.  In some of these bodies, there are authoritative translations to different languages as part of the value proposition.  ETSI is one of them, which published a STIX derivative to enable its use as part of the normative NIS Directive.  ITU-T SG17 is another.  None of this is new, as similar activities have been occurring for decades.

    About two years ago, Korean organizations began a cooperative effort in SG17 to develop telecommunication use cases for STIX use.  The work seems to have been popular and they are expanding the work, and seeking OASIS collaboration in what they produce.  Certainly care is needed so they are not developing their own alternative STIX specifications, but that doesn't appear to be what is occurring here.  The participants there are not "foolish and disconnected" but appreciate the value proposition of CTI work and are attempting to expand its use to other sectors.

    --tony





    From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com>
    Sent: Thursday, December 13, 2018 12:58:00 PM
    To: Kelley, Sarah E.; Jamie Clark; OASIS CTI TC Discussion List; Struse, Richard J.; trey.darley@cert.be
    Cc: Chet Ensign
    Subject: Re: [cti] Submission of STIX/TAXII to ITU-T? Plan for reply


     




    Regardless of when STIX2 becomes a fully approved standard, I think OASIS guidance to ITU-T should be that they should not standardize a standard (version 1) that is already being replaced for good reason.

    I think it makes ITU-T look foolish and disconnected. But if they want to do that, then go ahead. It's just an opinion.
     

    Allan Thomson
    CTO ( +1-408-331-6646)
    LookingGlass Cyber Solutions

     

    From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Kelley, Sarah E." <skelley@mitre.org>
    Date: Thursday, December 13, 2018 at 9:54 AM
    To: Allan Thomson <athomson@lookingglasscyber.com>, "jamie.clark@oasis-open.org" <jamie.clark@oasis-open.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "Struse, Richard J." <rjs@mitre.org>, "trey.darley@cert.be" <trey.darley@cert.be>
    Cc: Chet Ensign <chet.ensign@oasis-open.org>
    Subject: RE: [cti] Submission of STIX/TAXII to ITU-T? Plan for reply


     

    If we would prefer to use STIX/TAXII 2, does this require that some form of STIX 2 and TAXII 2 be a full OASIS Standard before next summer? Am I reading that correctly?

     

    Sarah Kelley
    Lead Cybersecurity Engineer, T8B2
    Defensive Operations
    The MITRE Corporation
    703-983-6242
    skelley@mitre.org


     


    From: cti@lists.oasis-open.org <cti@lists.oasis-open.org>
    On Behalf Of Allan Thomson
    Sent: Thursday, December 13, 2018 12:02 PM
    To: Jamie Clark <jamie.clark@oasis-open.org>; OASIS CTI TC Discussion List <cti@lists.oasis-open.org>; Struse, Richard J. <rjs@mitre.org>; trey.darley@cert.be
    Cc: Chet Ensign <chet.ensign@oasis-open.org>
    Subject: Re: [cti] Submission of STIX/TAXII to ITU-T? Plan for reply


     
    The importance of making sure VERSION 2 is the version to be considered as the primary standard for CTI sharing cannot be understated.
     
    The market already does not understand the important and significant differences between v1 and v2.
     
    I strongly suggest that OASIS make sure the ITU-T does everything it can to adopt version 2 not 1.
     

    Allan Thomson
    CTO ( +1-408-331-6646)
    LookingGlass Cyber Solutions

     

    From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "jamie.clark@oasis-open.org" <jamie.clark@oasis-open.org>
    Date: Thursday, December 13, 2018 at 8:49 AM
    To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "Struse, Richard J." <rjs@mitre.org>, "trey.darley@cert.be" <trey.darley@cert.be>
    Cc: Chet Ensign <chet.ensign@oasis-open.org>
    Subject: [cti] Submission of STIX/TAXII to ITU-T? Plan for reply


     




    Dear members of the CTI TC:

    After consultation with your chairs, they asked us to share this (attached) communication from ITU-T's Study Group 17 (on cybersecurity), inquiring about a contribution of STIX and TAXII for their endorsement and approval.

    BACKGROUND.  OASIS has contributed many standards to global de jure standards bodies like ITU-T, including a number successfully approved by ITU's SG17. [1]  The ground rules for doing so can be found in the OASIS liaison policy [2].  There are several process requirements, which include OASIS Standard status, and an approval vote from the originating TC.

    Staff's view is that submission is appropriate and expected to be successful.  OASIS submissions to the study group occur with the condition that, while comments are welcome, only the final approved version of the OASIS submission can be considered ... in other words, the ITU panel would not have the right to make changes as part of its approval process.

    CONSIDERATIONS FOR THIS SUBMISSION.  Your Versions 1 of STIX and TAXII have become OASIS Standards, as you know.  Your work on bringing your Versions 2 to that status is ongoing.  Our understanding with your leadership was that, while the Versions 1 are not officially deprecated, your TC wishes to encourage implementation of the newer (and differently schema'd) Versions 2; so a promotion of Versions 1 to international standard status at this time might not achieve your goals.  We have been advised that you likely would wish to submit both STIX and TAXII together, and wait until both versions are eligible (as an OS) before submitting.  The schedule of SG17 essentially uses live meetings once every six months, so this would probably result in a mid-2019 submission, assuming you support it.

    RECOMMENDATION.  If we are correct that your preference is to submit Versions 2.X, then we suggest that OASIS reply to this inquiry now, with a polite and encouraging indication that the TC expects to submit the completed version to ITU as soon as they're available, within a few months.  That would allow us to provide a positive statement as feedback to the January 2019 meeting, for which planning is now underway.

    ACTION REQUESTED.  Would you please let us (and the TC) know if there's any objection to that approach?  We'll plan to send the "version 2 coming soon" message, as described above, which requires no TC vote, if we hear no objections.

    If, on the other hand, there is TC sentiment to send completed Versions 1 to ITU for consideration for promotion and republication as "ITU-T Recommendations" (their version of international standards), then please advise your TC leadership and my colleague Chet Ensign, as that could be done by a web ballot TC vote at any time and a short public notice to the membership.

    Please feel free to contact Chet or me if you have any questions.

    Kind regards

    Jamie

    [1]  Including SAML, XACML and CAP (an emergency services resources info protocol).

    [2]  https://www.oasis-open.org/policies-guidelines/liaison#submitwork

    James Bryce Clark, General Counsel
    OASIS: Advancing open data, code and standards for the information society
    https://www.oasis-open.org/staff

    EU Commission 2018 Rolling Plan for Open ICT Standards:
    http://j.mp/EUstds2018

    OASIS Borderless Cybersecurity conference, October 2018:
    https://us18.borderlesscyber.org/en/

    Previously: Prague 2017, NYC 2017, Tokyo 2016, Brussels 2016, World Bank 2015