OASIS Cyber Threat Intelligence (CTI) TC

I would respectfully dissent from the notion of setting up an ISAO SC. Tony is entirely correct that ISAO is a necessary alliance. However, 1. CTI TC is a distinct OASIS effort with a scope envisioned in a charter. ISAO is an emerging space that still lacks definition.  2. ISAO is distinctly a US concept with related optics issues globally, relative to potentially creating unintended distraction  3. ISAO has its own emerging ecosystem and the TC may lack credibility or become negatively perceived as a result of prematurely moving into this space In lieu of a SC, I propose a liaison relationship to emerging ISAO efforts. This way the TC has a mechanism to remain abreast of related efforts and interests.  Best  Doug Douglas DePeppe, LLM, JD EosEdge Legal Cyberlaw and Services 719.357.8025 This email and any attachments contain information belonging to the sender which may be confidential and legally privileged.  The information is only for the intended recipient.  If you are not the intended recipient, any disclosure, copy, distribution, or action taken in reliance on the contents of the information contained in this transmission is strictly prohibited.  If you have received this transmission in error, promptly inform me and delete the message. Sent from my Mobile

Propose that we can make this a high level strategic objective for the Outreach Committee.  For example, we can engage with those leading related efforts (e.g.,  when/if the DHS contract is awarded to a Standards Body, any similar international initiatives). CTI  (and any other commonly adopted related standards) will play a critical role in the "how" we interconnect ISACs/ISAOs.  We need to ensure those developing CTI are well informed of issues, opportunities, and key impediments to adoption that can be addressed in the related standards. Patrick Maroney Office: (856)983-0001 Cell: (609)841-5104 pmaroney@specere.org From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Doug DePeppe <doug@eosedgelegal.com> Sent: Friday, June 19, 2015 12:15:20 PM To: Jordan, Bret; cti@lists.oasis-open.org; Richard Struse; Chet Ensign Subject: RE: [cti] Subcommittee - Summary So Far   I would respectfully dissent from the notion of setting up an ISAO SC. Tony is entirely correct that ISAO is a necessary alliance. However, 1. CTI TC is a distinct OASIS effort with a scope envisioned in a charter. ISAO is an emerging space that still lacks definition.  2. ISAO is distinctly a US concept with related optics issues globally, relative to potentially creating unintended distraction  3. ISAO has its own emerging ecosystem and the TC may lack credibility or become negatively perceived as a result of prematurely moving into this space In lieu of a SC, I propose a liaison relationship to emerging ISAO efforts. This way the TC has a mechanism to remain abreast of related efforts and interests.  Best  Doug Douglas DePeppe, LLM, JD EosEdge Legal Cyberlaw and Services 719.357.8025 This email and any attachments contain information belonging to the sender which may be confidential and legally privileged.  The information is only for the intended recipient.  If you are not the intended recipient, any disclosure, copy, distribution, or action taken in reliance on the contents of the information contained in this transmission is strictly prohibited.  If you have received this transmission in error, promptly inform me and delete the message. Sent from my Mobile
Original message -------- From: "Jordan, Bret" Date:06/19/2015 8:49 AM (GMT-07:00) To: cti@lists.oasis-open.org, Richard Struse , Chet Ensign Subject: [cti] Subcommittee - Summary So Far I missed one, sorry about that Tony.... Rich / Chet,  Based on discussions this is what we have so far, can we get some of these setup for voting so they can get the spaces setup and work can begin? STIX: Co-Chair: Terry MacDonald Co-Chair: (Options are Sean Barnum or Aharon Chernin) TAXII: Co-Chair: Bret Jordan Co-Chair: Marc Davidson CYBOX: Co-Chair: ?? Co-Chair: ?? DATABASE: Co-Chair: Eric Burger Co-Chair: (My option is Jerome Athias would be good here, but that is still open on the list) OUTREACH: Co-Chair: Joep Gommers Co-Chair: Patrick Maroney ISAO Co-Chair: ?? Co-Chair: ?? Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."  Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

Note that the ISAO name is optional. In fact, morphing the term into STIXO has a certain appeal. That way, ISAOs can be branded and are simply a species of STIXO. The subcommittee has a very narrow scope of simply producing a schema for uniquely identifying STIXOs. Some global body needs to do this. If not CTI, who? Conversely, if you leave it to someone else, you may not like the result. See attached revision. --tony On 2015-06-19 12:15 PM, Doug DePeppe wrote: I would respectfully dissent from the notion of setting up an ISAO SC. Tony is entirely correct that ISAO is a necessary alliance. However, 1. CTI TC is a distinct OASIS effort with a scope envisioned in a charter. ISAO is an emerging space that still lacks definition. 2. ISAO is distinctly a US concept with related optics issues globally, relative to potentially creating unintended distraction 3. ISAO has its own emerging ecosystem and the TC may lack credibility or become negatively perceived as a result of prematurely moving into this space In lieu of a SC, I propose a liaison relationship to emerging ISAO efforts. This way the TC has a mechanism to remain abreast of related efforts and interests. Best Doug Attachment: cti-stixo_SC_request_rev1.docx Description: application/vnd.openxmlformats-officedocument.wordprocessingml.document

Doug, You took the words right out of my mouth!? I concur completely. The ISACs (the original ISAO's) are embracing/have embraced STIX and TAXII. However ISAOs to be formed under the US centric EO will be not have figured out how or what information to share let alone conceive of how to do that via machine to machine sharing.  Denise Anderson Chair, National Council of ISACs Sent from my BlackBerry From: Doug DePeppe Sent: Friday, June 19, 2015 12:15 PM To: Jordan, Bret; cti@lists.oasis-open.org; Richard Struse; Chet Ensign Subject: RE: [cti] Subcommittee - Summary So Far I would respectfully dissent from the notion of setting up an ISAO SC. Tony is entirely correct that ISAO is a necessary alliance. However, 1. CTI TC is a distinct OASIS effort with a scope envisioned in a charter. ISAO is an emerging space that still lacks definition.  2. ISAO is distinctly a US concept with related optics issues globally, relative to potentially creating unintended distraction  3. ISAO has its own emerging ecosystem and the TC may lack credibility or become negatively perceived as a result of prematurely moving into this space In lieu of a SC, I propose a liaison relationship to emerging ISAO efforts. This way the TC has a mechanism to remain abreast of related efforts and interests.  Best  Doug Douglas DePeppe, LLM, JD EosEdge Legal Cyberlaw and Services 719.357.8025 This email and any attachments contain information belonging to the sender which may be confidential and legally privileged.  The information is only for the intended recipient.  If you are not the intended recipient, any disclosure, copy, distribution, or action taken in reliance on the contents of the information contained in this transmission is strictly prohibited.  If you have received this transmission in error, promptly inform me and delete the message. Sent from my Mobile
Original message -------- From: "Jordan, Bret" Date:06/19/2015 8:49 AM (GMT-07:00) To: cti@lists.oasis-open.org, Richard Struse , Chet Ensign Subject: [cti] Subcommittee - Summary So Far I missed one, sorry about that Tony.... Rich / Chet,  Based on discussions this is what we have so far, can we get some of these setup for voting so they can get the spaces setup and work can begin? STIX: Co-Chair: Terry MacDonald Co-Chair: (Options are Sean Barnum or Aharon Chernin) TAXII: Co-Chair: Bret Jordan Co-Chair: Marc Davidson CYBOX: Co-Chair: ?? Co-Chair: ?? DATABASE: Co-Chair: Eric Burger Co-Chair: (My option is Jerome Athias would be good here, but that is still open on the list) OUTREACH: Co-Chair: Joep Gommers Co-Chair: Patrick Maroney ISAO Co-Chair: ?? Co-Chair: ?? Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."  Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."