Note: This page is part of the us-cert.gov archive.


Information Sharing and Analysis Organization (ISAO) Workshop, June 9, 2015, Part 7 of 7

Description

Read-Out and Next Steps in Auditorium


Transcript

MIKE ECHOLS:  All right.  So what we want to do now is we want to have a read-out, and it’s crude because we did it very quickly, but we want to give you a read-out of today.  Carnegie Mellon works with us.  They are going to create a white paper.  What’s going to happen from that white paper is it’s going to inform our next session, which is going to be in Silicon Valley, the last week—don’t quote me—July the 30th at San Jose State University.

ATTENDEE:  Do you have a hotel yet?

MIKE ECHOLS:  That’s what I’m telling you now.  San Jose State University.  The goal here is I don’t want anyone’s work or anyone to feel as though their work is getting tossed to the side.  This is really important.  It’s clear to us from the conversations today, there is a lot of work to be done, and I have to tell you that I don’t know of any other forum—and I haven’t seen it anywhere—where all of these conversations haven’t been had collectively in one place, and so the goal is to document that, right, so we know exactly where the middle of this target is, all right?

So when we go into this next meeting, we’re going to be able to take the information from the day and have a more targeted approach.  When the standards organization is stood up, they shouldn’t have to have exactly the same conversations.  We don’t need to waste any time.  We need to understand those things that are possible and those things that are really more long term, and so by your activities here today, that helps us to get there.

So, without further ado, I’m going to bring up Roman, and he’s going to give you a read-out.  And additionally, please, please, please, please, please, the good, the bad, and the ugly.  Contact me.  Let me know.  If you think it stunk today, I want to know.  That’s informative to me.  That’s not like junk mail to me.  I need to know, right?  If it was wonderful, if there’s another approach, whatever it is, contact me.  It does not mean that we are going to take your input and run with it, but potentially some of your input will be used going forward.  Please contact me.  Thank you.

ROMAN DANYLIW:  Good afternoon, everyone, and I fully appreciate it’s the end of the day.  So what I have here today is just a very, very quick summary of what happened across the tracks.  The way I would characterize it, it’s probably more informative if you were in the track which you are about to see because they’re very macro-level—macro-level topic areas.

So Track 1 largely focused on what the models might be for information sharing, the lessons learned, and the foundational things that would be important to standing up an ISAO.  Some of the key themes that came through were, first and foremost, ISAO should serve their members.  There’s a capacity-building dimension to this ISAO, and for all ISAOs to be successful, there needs to be more workforce capacity.

There will be baseline standards published by the SO.  However that is done, it needs to really take into account the diversity of capability, capacity, and the missions that the various ISAO organizations may have.  ISAOs are going to serve many different types of memberships, small, medium, large, and that again needs to be captured in what makes for a successful ISAO.

Within the name, you have “sharing” and “analysis,” but they shouldn’t be considered one word.  They are both a sharing function and an analysis function, and both must be equally considered.  And it’s also important to recognize when one talks about sharing that there are a lot of other initiatives, a lot of other efforts, and a lot of lessons learned about how that’s done today.  And that needs to be folded into the ISAO process.

Areas of discussion that we went through were, first and foremost, the degree to which the government involvement would exist in recognizing ISAOs, talking through what’s the value proposition of even participating in an ISAO, what the economics of that would be, the benefits that the U.S. government should give organizations that are recognized as ISAOs.

There was a little bit of a chicken-and-egg discussion about how do we talk about governance before we talk about the things that the ISAO should be doing, and we need to recognize that.  And one of the succinct bits of feedback that came up a couple of times is that there was a feeling that the standards organization, the SO, as we talk about, and all the different things that it’s supposed to be doing may be misnamed as a standards organization.  And that might be a source of confusion.

Pivoting to Track 2, the analysis track, that was focused on what would be some of those analytical capabilities that an ISAO would have.  Some of the key themes that came from that is that the SO in its exploration of those baseline guidelines and standards should absolutely reuse existing models, taxonomies, things already out there in the community.  There would be great value in having common terminology for different ISAOs to use and members, so everyone would very much understand themselves.

There was also talk about that the SO shouldn’t say anything that might constrain the abilities to provide its necessary services.  So again, ISAOs really need to deliver on what its members want, and there was a recognition that any kind of certification process would be challenging because of the diversity of different types of ISAOs that may be spun up, so more discussion is needed.

When thinking about data protection, given the kinds of things that an ISAO would be aggregating, there is real concern to use a lot of the existing industry standards there and reinvent only when required, and member organizations already are governed by any number of contractual regulatory requirements.  And anything that the ISAO might say shouldn’t conflict with that.

The data that’s being shared by members or ISAOs with other ISAOs, there’s a need to have originator control; that is, the ability of the organization that is sharing that information to be able to specify how that’s ultimately being used.  And then, of course, to do a lot of this analysis, there needs to be capacity to do so, so there’s a need for training and education to have the right workforce and to know how to implement a number of these analytical activities.

Pivoting to Track 3, that was focused on automated indicator sharing—and there were a number of topics explored here about what might be required to do that, what would be the responsibilities in that sharing, how to best control and handle that information, and what might be some of those technical requirements that the ISAOs should have.  A couple of key takeaways were that, again, organizations that are members of ISAOs—and even the ISAOs themselves—would vary in size and flavor, and there needs to be an understanding of how that market segmentation may come out and understanding how that might ultimately impact indicator sharing, whether it’s something as simple as volume.

There is a real need for a common language to make it easier to share, and the common language was really focused on kind of tagging of that data or perhaps formats, but there is also a recognition that interoperability really is the key, so raw formats with some context actually might be acceptable, and the recognition, very practically, it’s nice to talk about those formats, but it’s likely that ISAOs are going to have to accept lots of different information, regardless of whether it’s in some blessed set of formats.

To preposition effective communication, it might be good to have predefined relationships that would allow success to occur, so there would be trust there when information arrives from different organizations.

When speaking about what might be shared, it’s clear that it must be actionable, and of course, as talked about independently in other tracks, there were previously done things in information sharing, what are the lessons learned, what can be done there to tee up what the SO ultimately does.

There’s almost a community, a community of norms that should come out of this about how ISAOs and members will share information, and there was discussion on what would be those obligations written, and written about how that information should occur, and a thread about, ultimately, what would be the cost of breaking some of those social norms, and what would be the governance associated with that.

And with that, that’s the summary of what has occurred all across the tracks.  That is, by no means, comprehensive.  That, by no means, covered everything that was talked about.  It was a great series of conversations in Track 1, and I hear it was great in Tracks 2 and 3.  Please look out for the white paper that should be published in a couple of weeks.  It will be significantly more comprehensive about everything that was discussed in all the tracks, and again, this will be the basis for what will be discussed in the future meeting in San Jose.

Yes, Larry.

ATTENDEE:  Are the slides from today going to be made available generally?

ROMAN DANYLIW:  Sir, can the slides be made available?

[No audible response.]

ROMAN DANYLIW:  Yes, the slides can be made available through the website.

ATTENDEE:  [Speaking off mic.]

ROMAN DANYLIW:  Through the engagement website or through the mailing list perhaps?  It will be sent out through the mailing list.

ATTENDEE:  Thank you.

ROMAN DANYLIW:  Other questions?

ATTENDEE:  [Speaking off mic.]

[Laughter.]

ROMAN DANYLIW:  Yes, sir.

ATTENDEE:  Will the white paper be delivered to attendees, like e-mail or something?

ROMAN DANYLIW:  The white paper will be produced, of course, to—DHS will get it, and from there, it will be distributed through the mailing list.

MIKE ECHOLS:  So the white paper needs to inform the next meeting, so we definitely want to make sure that you get that.  What we will try to do is get it out to you guys a few days before we post it.

ROMAN DANYLIW:  Okay, perfect.  Again, thank you for all your participation.

MIKE ECHOLS:  All right.  A couple of announcements.  When you exit, exit straight out these doors.  Do not go through the front of the building.  I really appreciate you guys attending, participating.  This is a slow process, but we are making progress because we are here, and we are getting it done.

So thank you.  Again, reach out to us, isao@hq.dhs.gov.  Thank you.

[Applause.]