OASIS Cyber Threat Intelligence (CTI) TC

Hi Rich, Congratulations to you and your colleagues at DHS, MITRE, DOD, and all who helped create the ecosystem that allowed these provisions to become law. Because the provisions are so difficult to parse in their native format, I've extracted them and provided a more readable version. I'm working on a fully hyperlinked version. This Act definitely makes TC CTI a major centerpiece for what is now the organic law of the U.S. cheers, --tony Attachment: Cybersecurity_Act_of_2015.pdf Description: Adobe PDF document

Hi everyone - I just feel like I need to make a comment about this... This act has received a lot of bad press and has been twisted around and reported on very inaccurately by a number of news outlets This is just my two cents but I feel quite strongly that we all have a duty as a community in the CTI space to try to communicate, wherever appropriate and possible, the real risks that motivate the liability protections in this act and how threat information sharing actually works in practice. The way many of these news articles are written makes this act sound like a horrible blow to individual privacy, when it is nothing of the sort. Just food for thought; - Jason Keirstead Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown Tony Rutkowski ---12/18/2015 04:19:53 PM---Hi Rich, Congratulations to you and your colleagues From: Tony Rutkowski <tony@yaanatech.com> To: Rich Struse <richard.struse@dhs.gov>, cti@lists.oasis-open.org Date: 12/18/2015 04:19 PM Subject: [cti] Cybersecurity Act of 2015 Sent by: <cti@lists.oasis-open.org> Hi Rich, Congratulations to you and your colleagues at DHS, MITRE, DOD, and all who helped create the ecosystem that allowed these provisions to become law. Because the provisions are so difficult to parse in their native format, I've extracted them and provided a more readable version. I'm working on a fully hyperlinked version. This Act definitely makes TC CTI a major centerpiece for what is now the organic law of the U.S. cheers, --tony [attachment "Cybersecurity_Act_of_2015.pdf" deleted by Jason Keirstead/CanEast/IBM] --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php  

Well this site www.stopcyberthreats.com which was setup by the Financial service roundtable as a counter balance to the privacy lobby. It has some solid counterpoints to those concerns Mark Sent from my Windows Phone From: Jason Keirstead Sent: ?12/?18/?2015 3:43 PM To: tony@yaanatech.com Cc: Rich Struse ; cti@lists.oasis-open.org Subject: Re: [cti] Cybersecurity Act of 2015 Hi everyone - I just feel like I need to make a comment about this... This act has received a lot of bad press and has been twisted around and reported on very inaccurately by a number of news outlets This is just my two cents but I feel quite strongly that we all have a duty as a community in the CTI space to try to communicate, wherever appropriate and possible, the real risks that motivate the liability protections in this act and how threat information sharing actually works in practice. The way many of these news articles are written makes this act sound like a horrible blow to individual privacy, when it is nothing of the sort. Just food for thought; - Jason Keirstead Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown Tony Rutkowski ---12/18/2015 04:19:53 PM---Hi Rich, Congratulations to you and your colleagues From: Tony Rutkowski <tony@yaanatech.com> To: Rich Struse <richard.struse@dhs.gov>, cti@lists.oasis-open.org Date: 12/18/2015 04:19 PM Subject: [cti] Cybersecurity Act of 2015 Sent by: <cti@lists.oasis-open.org> Hi Rich, Congratulations to you and your colleagues at DHS, MITRE, DOD, and all who helped create the ecosystem that allowed these provisions to become law. Because the provisions are so difficult to parse in their native format, I've extracted them and provided a more readable version. I'm working on a fully hyperlinked version. This Act definitely makes TC CTI a major centerpiece for what is now the organic law of the U.S. cheers, --tony [attachment "Cybersecurity_Act_of_2015.pdf" deleted by Jason Keirstead/CanEast/IBM] --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php  

Tony: Thanks for distilling it down. It's easier for me to print and read ( I know, old school).  You got it down to 32 pages.  Double-sided... it is still in my papers when the Internet is gone. My children will appreciate that as they go through the estate. Jane On 12/18/2015 4:44 PM, Mark Clancy wrote: Well this site www.stopcyberthreats.com which was setup by the Financial service roundtable as a counter balance to the privacy lobby. It has some solid counterpoints to those concerns Mark Sent from my Windows Phone From: Jason Keirstead Sent: ?12/?18/?2015 3:43 PM To: tony@yaanatech.com Cc: Rich Struse ; cti@lists.oasis-open.org Subject: Re: [cti] Cybersecurity Act of 2015 Hi everyone - I just feel like I need to make a comment about this... This act has received a lot of bad press and has been twisted around and reported on very inaccurately by a number of news outlets This is just my two cents but I feel quite strongly that we all have a duty as a community in the CTI space to try to communicate, wherever appropriate and possible, the real risks that motivate the liability protections in this act and how threat information sharing actually works in practice. The way many of these news articles are written makes this act sound like a horrible blow to individual privacy, when it is nothing of the sort. Just food for thought; - Jason Keirstead Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown Tony Rutkowski ---12/18/2015 04:19:53 PM---Hi Rich, Congratulations to you and your colleagues From: Tony Rutkowski <tony@yaanatech.com> To: Rich Struse <richard.struse@dhs.gov> , cti@lists.oasis-open.org Date: 12/18/2015 04:19 PM Subject: [cti] Cybersecurity Act of 2015 Sent by: <cti@lists.oasis-open.org> Hi Rich, Congratulations to you and your colleagues at DHS, MITRE, DOD, and all who helped create the ecosystem that allowed these provisions to become law. Because the provisions are so difficult to parse in their native format, I've extracted them and provided a more readable version. I'm working on a fully hyperlinked version. This Act definitely makes TC CTI a major centerpiece for what is now the organic law of the U.S. cheers, --tony [attachment Cybersecurity_Act_of_2015.pdf deleted by Jason Keirstead/CanEast/IBM] --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php   -- Jane Ginn, MSIA, MRP Cyber Threat Intelligence Network, Inc. jg@ctin.us

Hi Jane, Thanks. Having it in a structured format other than the almost incomprehensible native one in the actual Act does make a difference. It is worth noting that ISAOs are explicitly mentioned in the Act, and additional related authority given to DHS. It would be a good thing if the existing ISAO activity under the E.O. could be terminated and replaced with a more effective and authoritative one pursuant to the Act. In particular, having TC CTI develop a structured expression for an ISAO instance, and a means of discovery should be considered. --tony On 2015-12-18 10:48 PM, JG on CTI-TC wrote: Tony: Thanks for distilling it down. It's easier for me to print and read ( I know, old school). You got it down to 32 pages. Double-sided... it is still in my papers when the Internet is gone. My children will appreciate that as they go through the estate. Jane

I just spent some time start flame wars on Facebook over this... How fun...  It is amazing how grossly inaccurate and ill educated people are on this topic.  The internet is a breading ground for false knowledge and sensationalism.  Everyone in this group needs to make some posts to social media talking about what this will do.  We need to help overcome the title wave of false knowledge.  Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   On Dec 18, 2015, at 16:44, Mark Clancy < mclancy@soltra.com > wrote: Well this site www.stopcyberthreats.com which was setup by the Financial service roundtable as a counter balance to the privacy lobby. It has some solid counterpoints to those concerns Mark Sent from my Windows Phone From: Jason Keirstead Sent: ?12/?18/?2015 3:43 PM To: tony@yaanatech.com Cc: Rich Struse ; cti@lists.oasis-open.org Subject: Re: [cti] Cybersecurity Act of 2015 Hi everyone - I just feel like I need to make a comment about this... This act has received a lot of bad press and has been twisted around and reported on very inaccurately by a number of news outlets This is just my two cents but I feel quite strongly that we all have a duty as a community in the CTI space to try to communicate, wherever appropriate and possible, the real risks that motivate the liability protections in this act and how threat information sharing actually works in practice. The way many of these news articles are written makes this act sound like a horrible blow to individual privacy, when it is nothing of the sort. Just food for thought; - Jason Keirstead Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown <graycol.gif> Tony Rutkowski ---12/18/2015 04:19:53 PM---Hi Rich, Congratulations to you and your colleagues From: Tony Rutkowski < tony@yaanatech.com > To: Rich Struse < richard.struse@dhs.gov >, cti@lists.oasis-open.org Date: 12/18/2015 04:19 PM Subject: [cti] Cybersecurity Act of 2015 Sent by: < cti@lists.oasis-open.org > Hi Rich, Congratulations to you and your colleagues at DHS, MITRE, DOD, and all who helped create the ecosystem that allowed these provisions to become law. Because the provisions are so difficult to parse in their native format, I've extracted them and provided a more readable version. I'm working on a fully hyperlinked version. This Act definitely makes TC CTI a major centerpiece for what is now the organic law of the U.S. cheers, --tony [attachment Cybersecurity_Act_of_2015.pdf deleted by Jason Keirstead/CanEast/IBM] --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php   Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail

A well-articulated OASIS press release would help. One can expect many mainstream business organizations to do something similar this coming week. Ignorance comes with the turf.  During my years at the FCC, well before social media, letters by the thousands were received about alleged government monitoring from radio devices planted in people's heads. The K-street non-profits who have tight bindings with press contacts have whipped up the paranoia and proliferated misinformation for funding and raison d'être. They will move on. Our energies are best devoted to engaging in technical communities worldwide to apply the CTI tools to major infrastructures and new developments such as mobile, health, IoT, NFV, and provide the mappings to significant IA platforms such as the Critical Security Controls.  Exciting times. --tony On 2015-12-19 10:53 PM, Jordan, Bret wrote: I just spent some time start flame wars on Facebook over this... How fun...  It is amazing how grossly inaccurate and ill educated people are on this topic.  The internet is a breading ground for false knowledge and sensationalism.  Everyone in this group needs to make some posts to social media talking about what this will do.  We need to help overcome the title wave of false knowledge.  Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   On Dec 18, 2015, at 16:44, Mark Clancy < mclancy@soltra.com > wrote: Well this site www.stopcyberthreats.com which was setup by the Financial service roundtable as a counter balance to the privacy lobby. It has some solid counterpoints to those concerns Mark Sent from my Windows Phone From: Jason Keirstead Sent: ?12/?18/?2015 3:43 PM To: tony@yaanatech.com Cc: Rich Struse ; cti@lists.oasis-open.org Subject: Re: [cti] Cybersecurity Act of 2015 Hi everyone - I just feel like I need to make a comment about this... This act has received a lot of bad press and has been twisted around and reported on very inaccurately by a number of news outlets This is just my two cents but I feel quite strongly that we all have a duty as a community in the CTI space to try to communicate, wherever appropriate and possible, the real risks that motivate the liability protections in this act and how threat information sharing actually works in practice. The way many of these news articles are written makes this act sound like a horrible blow to individual privacy, when it is nothing of the sort. Just food for thought; - Jason Keirstead Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown <graycol.gif> Tony Rutkowski ---12/18/2015 04:19:53 PM---Hi Rich, Congratulations to you and your colleagues From: Tony Rutkowski < tony@yaanatech.com > To: Rich Struse < richard.struse@dhs.gov >, cti@lists.oasis-open.org Date: 12/18/2015 04:19 PM Subject: [cti] Cybersecurity Act of 2015 Sent by: < cti@lists.oasis-open.org > Hi Rich, Congratulations to you and your colleagues at DHS, MITRE, DOD, and all who helped create the ecosystem that allowed these provisions to become law. Because the provisions are so difficult to parse in their native format, I've extracted them and provided a more readable version. I'm working on a fully hyperlinked version. This Act definitely makes TC CTI a major centerpiece for what is now the organic law of the U.S. cheers, --tony [attachment Cybersecurity_Act_of_2015.pdf deleted by Jason Keirstead/CanEast/IBM] --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php   -- ________________________________ Anthony Michael Rutkowski EVP, Industry Standards & Regulatory Affairs tony@yaanatech.com +1 703 999 8270 ________________________________ Yaana Technologies LLC 542 Gibraltar Drive Milpitas CA 95035 USA