Comment from Ron Southworth
Time: April 13, 2007, 10:37 am

Hi Dale it is good to have a slow week lets you catch up on things…

Have a good Day

Comment from Ron Southworth
Time: April 16, 2007, 10:55 pm

Dale from the CPNI Web Site

One of the previous discussons we discussed alternatives to public disclosure, here is the UK model taken from the CPNI web site:

“Information sharing concept

The sharing of information about the risks facing networks is self evidently beneficial to both government and industry. If a mechanism can exist through which one company can learn from the experiences, mistakes, and successes of another, without fear of exposing company sensitivities to competitors and the media, then every participant can improve their level of assurance.

This mechanism, called an Information Exchange, is based upon the personal trust of representatives, sharing information in a confidential meeting, run under a version of the ‘Chatham House Rule’.

http://www.chathamhouse.org.uk/index.php?id=14

Trust is built up slowly; representatives at Information Exchanges are expected to attend all meetings, which are held every two months. Meeting face-to-face, we are building up a trusted, relatively small community with a common interest. Each organisation can put forward a maximum of two representatives, and cannot send substitutes to attend; a stranger turning up at a meeting would inhibit the sharing of sensitive information.”

An alternate to the public disclosure model that I know you are fond of but perhaps the industry is not “main stream IT” enough to accept at this point in time. With the ISAC’S as I understand it there is very little information that is shared from the government to the utilities whereas this model calls for more communication and interaction from all participants. Would it not be better to encourage some communication and build up trusts rather than have no communication at all?

Ron Southworth