[cybersecurity-wg] Welcome and Opening Topic
Stanley A. Klein
sklein at cpcug.org
Tue Feb 9 19:47:01 CST 2010
Roger -
To introduce myself, I am Managing Principal at Open Secure Energy Control
Systems, LLC, which is developing open source software for some key
standards of the Smart Grid. I am active in the IEEE Power and Energy
Society, in the NIST Smart Grid activities and in the IEEE-USA
Communications Policy, Energy Policy, and Intellectual Property
committees.
Two comments on the topic. This issue is far from new. It was a major
issue in the battle over UCITA and was part of the reason the American Bar
Association refused to endorse UCITA. The only way "self help" could work
would be if there were a hole in the operating system put there by the OS
developer for the purpose of allowing licensors to break in.
The issue goes back to the Montgomery County, Maryland library system,
which was back in the early 1970's. That is one of the classics. There
was also the multi-hospital laboratory system that crashed because the
time bomb triggered erroneously and the case of the Revlon warehouse
system.
My other comment is to recommend that people look at the second public
draft of the cybersecurity NIST Interagency report (NISTIR) for the Smart
Grid. It has a lot of good information that goes well beyond the Smart
Grid. It can be found at
http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/NISTIR7628Feb2010
together with a template for submitting comments (that is the working
page; it is also linked at http://www.nist.gov/smartgrid). I haven't
looked closely, but I wouldn't be surprised if the issue of embedded
malware is included at least in the vulnerabilities appendix.
Stan Klein
On Mon, February 8, 2010 11:21 pm, Roger Yee wrote:
> Welcome to the Cybersecurity Working Group in support of Open Source for
> America.
>
> I'll be your working group chair for cybersecurity. A quick background on
> me: most recently I was a VP with BAE Systems responsible for global
> defense and security IT programs for US customers. A portion of this
> business area formed the basis of what is now the Cybersecurity business
> unit within BAE Systems. Additionally, I have successfully championed the
> use of open technology and standards within our cybersecurity products and
> associated programs.
>
> With the increasing focus of cybersecurity by the government and industry,
> it has become even more important for those of us engaged in the open
> source community to help shape and voice the role of open source and
> cybersecurity. I am sure there are more than plenty of topics and issues
> for this group to put forth and openly discuss.
>
> Opening topic:
>
> Securing the software supply chain has received notable attention in
> recent months over concerns of software "timebombs", backdoors and embedded
> malware. What challenges does the open source development model face in
> the context of secure code and cybersecurity? Should developers be subject
> to background checks (aka security clearances)? What role should industry
> play in securing the software supply chain?
>
> I invite you to introduce yourself to the working group and join the
> conversation!
>
> Roger