[KI-LC] Kantara support for CCSA

Patrick Curry patrick.curry at clarionidentity.com
Thu May 30 02:32:51 CDT 2013


Dear all,

For the last 2 days, I have facilitated another planning meeting hosted and supported by the EU, with participants from EU, NATO, UN and government & industry organisations from 22 nations. TMForum also participates.  Organisations from over 30 nations have asked to be involved and the number is growing.    The purpose was to take forward the Information Sharing Framework (ISF) for Collaborative Cyber Situational Awareness (CCSA), (whose origins came from MNE7 - a 15 nation collaborative project), and to form an organisational structure to enable implementation and operation, for which there is a Strawman document.  The draft ISF is attached.  If a new organisation is formed, its provisional name is MACCSA - Multinational Alliance for CCSA.

The ISF defines a number of capabilities to enable information sharing for CCSA, including PKI federation at LoA 3+ and a cyber controls framework.  Four "standards" for cyber controls frameworks are on the table - SP800-53 R4, SANS CAG4, Australian Top 35 mitigations and ETSI ISI.  They are all broadly similar, however they are not enough.  The UK MOD has developed the Cyber Defence Capability Assessment Tool (CDCAT) that they describe as a mashup of these standards with an ITIL structure, converted into a process that organisations can use.  The CDCAT activity is already involving to some major companies (users) and technology vendors.  There is interest from some nations and the EU to take forward CDCAT and SANS.  

The requirement for certification and assurance was discussed at the meeting and Kantara was raised by several participants as a possible way ahead.  Consequently, I ask the LC:
To be aware and think about the unfolding situation
To consider how Kantara might engage and how it would participate to enable implementation of the ISF
To consider attending the next meeting, which is due to be in Brussels in the 2nd week of July.  The primary purpose of that meeting is to establish a set of Founding Participants to form a new organisation or enhance an existing organisation, who would then become the elected Steering Group of the organisation, once formed.  Discussions will include all the required C&A functions, so it would be good to have KI participate.  I realise that you may not want to travel to Brussels and you may want to have a knowledgeable 'local' LC proxy instead.        

I think the ISF connects to many things that KI is already doing so this ought to be a good fit, but it will need to be expanded functionally and geographically. 

I welcome your feedback and would be happy to discuss further at the LC or in a strategy group.

PS.  If any KI organisation is interested in becoming involved as an organisation, they are also welcome to contact me.
  
yours sincerely,

Patrick


Patrick Curry
Director
Clarion Identity Ltd

M:   +44 786 024 9074
T:   +44 1980 620606
patrick.curry at clarionidentity.com


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20130530/ee46e8e6/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MACCSA IS Framework V2-2 12May13.pdf
Type: application/pdf
Size: 2733211 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20130530/ee46e8e6/attachment-0001.pdf>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20130530/ee46e8e6/attachment-0003.html>


More information about the LC mailing list