Re: [saag] Side meeting on USG efforts to combat botnets, Wednesday at 3:15
"Beth Flippo" <beth.flippo@telegrid.com> Wed, 02 August 2017 19:56 UTC
Return-Path: <beth.flippo@telegrid.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 654E113209B for <saag@ietfa.amsl.com>; Wed, 2 Aug 2017 12:56:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.698
X-Spam-Level:
X-Spam-Status: No, score=-4.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3K7PJjOJEe3R for <saag@ietfa.amsl.com>; Wed, 2 Aug 2017 12:56:40 -0700 (PDT)
Received: from smtp105.biz.mail.bf1.yahoo.com (smtp105.biz.mail.bf1.yahoo.com [98.139.221.43]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A73C132146 for <saag@ietf.org>; Wed, 2 Aug 2017 12:56:40 -0700 (PDT)
Received: (qmail 50981 invoked from network); 2 Aug 2017 19:56:39 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1501703799; bh=tmeDelZ8QFPcH30cnSdFTZ5PxP5dbMa9bZhsI9Lazog=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version:Content-Type:In-Reply-To; b=UBxdfvxNtt1y06DIdExaoKrNlTesR13HKvvXhzHj5iGRMUxGSZgoyGYNUbmPjUaKRFUzVIlpwF/1eReUy/K9DXpEIqI3lDuTBPHPrFO8psQIG7z7c7EB/1G5uS3sx5G0/M3x33h6FCk/CmgElWQGAP1980A+JDspl0v662kQtzc=
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: EFjzMtsVM1mrRVegctRlFpb9AFbvtCl7R0sT7TpofijwlR0 t.CN4wwTtP8gmUaOWbTGFqhTpxkQnHEldzW35pHcKaS5t3nRuV4rrVyHNJAI 7za7I2ix35w1RXGGt_SHGZ5SJL8TAd8r9A2tvargu6Rr_Rae7wQDOeNdlDXO Vi18kz_.G8xX5MsimZOUpGKIz_RFSkTQqolVTk9wqMplMSeGuyZYWq0FHYXK jKrQ5iDOFy10.xZRt15bxpdH66EEXBCg4o83e6UH7hU8L4JGLNtwWluB4cZd LdmVcRNAPOL7TuPS9CeeWLjEUdTCa8OrMgVCFoNi3uaDug9gIQpn7vTBh6Ej wpb0OrPKZxMSeWw1nE7rUvt3An28nMxBOwhrpGSGwxxSFHqnqGN8qTD2rfPJ AR1wiv6BsxD.fg8lf_7OgwRY_snZsRa3ueUmQTuu3C1zUDD7V4zOQxal_dmK XrT_IhJaPnQAs.XWJaVjz2FYVEPosf9hrwHTPh5CohNhbPYROV1j.9jqNJve fkm_glsZJtvqR8h45FFF25fsucYfPXKLn8NfoKuJAzwUgTHU4QDeFPQ6B6w_ f8REdzqDceBQVJNM-
X-Yahoo-SMTP: jmBfdwyswBDjKAJJHOJZlktXNss-
From: Beth Flippo <beth.flippo@telegrid.com>
To: 'Joseph Lorenzo Hall' <joe@cdt.org>, "'Polk, Tim (Fed)'" <william.polk@nist.gov>
Cc: saag@ietf.org
Date: Wed, 02 Aug 2017 16:16:05 -0400
Message-ID: <4460B8AC888C44CE9AD96092D90E06B7@telegridtech.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0255_01D30BAA.A6C8F510"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
In-Reply-To: <CABtrr-XiCRA4KL5_eRA49tmFvrG0KXmLF1KaBLZYDGyimFP-1A@mail.gmail.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/oATIj-e20mz7lyVCdKErjJ66HZ8>
Subject: Re: [saag] Side meeting on USG efforts to combat botnets, Wednesday at 3:15
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Aug 2017 19:56:43 -0000
Hello everyone! I am an embedded software developer at TELEGRID and we specialize in the development of custom embedded cybersecurity solutions for the US Military. I personally develop on ARM microcontrollers as well as embedded LINUX microprocessors. Unfortunately I wasn't able to attend the botnet meeting last month but I did read the attached Best Practices for IOT Devices document. I think it is a good approach to secure software development from a high-level. I don't know if this is the right forum but I was hoping to provide tangible steps to implement security on IoT embedded platforms based on my experience. Any recomendations for how I can get involved? Thank you! Beth Beth Flippo VP Embedded Software Development TELEGRID Technologies, Inc. 23 Vreeland Road Florham Park, NJ 07932 Work: (973) 994-4440 www.telegrid.com TELEGRID is ISO 9001:2008 Certified ------------------------------------------------------------------------ ------------------------------- This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind TELEGRID to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. ------------------------------------------------------------------------ ------------------------------- -----Original Message----- From: saag [mailto:saag-bounces@ietf.org] On Behalf Of Joseph Lorenzo Hall Sent: Wednesday, July 19, 2017 10:05 AM To: Polk, Tim (Fed) Cc: saag@ietf.org Subject: Re: [saag] Side meeting on USG efforts to combat botnets, Wednesday at 3:15 Richard Barnes pointed to this I-D that looks pretty damn good here in terms of a floor for IoT technical requirements: https://tools.ietf.org/html/draft-moore-iot-security-bcp-01 On Tue, Jul 18, 2017 at 11:51 AM, Polk, Tim (Fed) <william.polk@nist.gov> wrote: Folks, I have reserved the side meeting room (Tyrolka, Mezzanine Level) on Wednesday from 3:15 - 4:30 for an informal discussion of an ongoing US Government effort to combat botnets and other "automated, distributed threats" to the Internet. This effort will produce a document that identifies and promotes "action by appropriate stakeholders" by May of 2018. Given that the USG does not own or operate the Internet, such an effort is always at risk of creating shelfware, and I am too old to waste my time that way. To ensure that actions identified in the report are pragmatic and effective, I would like to encourage participation by members of this community. If you have an interest, please join me in Tyrolka tomorrow afternoon or catch me in the hallway between meetings. For those with an interest, here is some additional background information, including an immediate opportunity to participate: Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which was issued May 11, 2017, requires the Secretaries of Commerce and Homeland Security to "jointly lead an open and transparent process to identify and promote action by appropriate stakeholders to improve the resilience of the internet and communications ecosystem and to encourage collaboration with the goal of dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets)." The executive order requires Commerce and DHS to issue a draft report in 240 days (January 5, 2018) and submit a final report to the President one year after issuance (May 11, 2018). Given this aggressive timeline, there are several different (but hopefully complementary) workstreams underway at Commerce and DHS that may be of interest. In particular: (1) The National Telecommunications and Information Administration (NTIA) published a "Request for Comments on Promoting Stakeholder Action Against Botnets and Other Automated Threats" on June 8. In the request, "NTIA seeks broad input from all interested stakeholders-including private industry, academia, civil society, and other security experts-on ways to improve industry's ability to reduce threats perpetuated by automated distributed attacks, such as botnets, and what role, if any, the U.S. Government should play in this area." NTIA would definitely appreciate comments from members of this community! Additional details may be in the full text of the request for comments, found in https://www.gpo.gov/fdsys/pkg/ <https://www.gpo.gov/fdsys/pkg/FR-2017-06-13/pdf/2017-12192.pdf> FR-2017-06-13/pdf/2017-12192.pdf Note that the official comment period was extended to July 28 in https://www.gpo.gov/fdsys/pkg/ <https://www.gpo.gov/fdsys/pkg/FR-2017-06-22/pdf/2017-13034.pdf> FR-2017-06-22/pdf/2017-13034.pdf (2) Last week, NIST hosted a public workshop on "Enhancing Resilience of the Internet and Communications Ecosystem". 150 participants from a range of industry sectors, civil society, and government participated in a day and half workshop. The workshop explored a range of current and emerging solutions to enhance the resiliency of the Internet against automated, distributed threats. The workshop agenda is available at https://www.nist.gov/sites/ <https://www.nist.gov/sites/default/files/documents/2017/07/10/final-dra ft-agenda-resilience-workshop-070517.pdf> default/files/documents/2017/07/10/final-draft-agenda-resilience-worksho p-070517.pdf NIST plans to summarize results in a workshop report for publication in September 2017. Regards, Tim Polk _______________________________________________ saag mailing list saag@ietf.org https://www.ietf.org/mailman/ <https://www.ietf.org/mailman/listinfo/saag> listinfo/saag -- Joseph Lorenzo Hall Chief Technologist, Center for Democracy & Technology [https://www.cdt.org] 1401 K ST NW STE 200, Washington DC 20005-3497 e: joe@cdt.org, p: 202.407.8825, pgp: https://josephhall.org/gpg-key Fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
- [saag] Side meeting on USG efforts to combat botn… Polk, Tim (Fed)
- Re: [saag] Side meeting on USG efforts to combat … Joseph Lorenzo Hall
- Re: [saag] Side meeting on USG efforts to combat … Beth Flippo