Date   

Re: Security challenges at LFE

Shuli Goodman
 

I would like to second this - this is not a nice to have…it is critical for us to continue to stay in front of security.

Please chime in. Let's get some ideas out.
Thanks!


Shuli



l. shuli rose goodman phd.
executive director, LF Energy
a Linux Foundation project
twitter: @LFE_Foundation
linkedin.com/in/shuligoodman
c: +1.415.722.9688
v: +1.707.874.3231
+++++++++++++++++++++++++++
+++++++++++++++++++++++++++



On Nov 2, 2021, at 8:54 AM, Mirz, Markus <mmirz@...> wrote:

Hello,
 
after collecting material on the wiki page (https://wiki.lfenergy.org/display/HOME/Security+Working+Group) and in the mail thread “Resources on security”, it would be great to summarize the security challenges seen specifically in the context of LFE. This could become another section on the wiki page.
 
Please let us know in this thread if you would like to contribute to this summary.
 
Thanks 
Markus


Security challenges at LFE

Mirz, Markus <mmirz@...>
 

Hello,

 

after collecting material on the wiki page (https://wiki.lfenergy.org/display/HOME/Security+Working+Group) and in the mail thread “Resources on security”, it would be great to summarize the security challenges seen specifically in the context of LFE. This could become another section on the wiki page.

 

Please let us know in this thread if you would like to contribute to this summary.

 

Thanks

Markus


Re: Resources on security

Dick Brooks
 

Markus,

 

Here is my comment:

 

Consider adopting an open source SBOM based Vulnerability Disclosure Report (VDR) XML schema to report on SBOM component level NIST NVD search results and vendor known vulnerability status information: https://github.com/rjb4standards/REA-Products/raw/master/SAGVulnDisclosure.xsd

SAMPLE VDR is available here: https://github.com/rjb4standards/REA-Products/blob/master/SAGVulnDisclosureSAG-PM.xml

 

Explanation of how VDR information is used during an SBOM C-SCRM software risk assessment is available here: https://www.linkedin.com/posts/richard-dick-brooks-8078241_how-does-vendor-provided-software-vulnerability-activity-6860955924933165056-mMcQ

 

 

 

 

From: security@... <security@...> On Behalf Of Mirz, Markus
Sent: Tuesday, November 2, 2021 11:32 AM
To: security@...
Subject: [Security WG] Resources on security

 

Dear all,

 

To facilitate the collection of resources on security topics, I would suggest that we use this mail thread to propose links etc.

Please just drop your ideas here and I will update the wiki page: https://wiki.lfenergy.org/display/HOME/Security+Working+Group

I hope that this facilitates the process compared to updating the wiki page directly 😉

 

Cheers

Markus

 

 

 


Resources on security

Mirz, Markus <mmirz@...>
 

Dear all,

 

To facilitate the collection of resources on security topics, I would suggest that we use this mail thread to propose links etc.

Please just drop your ideas here and I will update the wiki page: https://wiki.lfenergy.org/display/HOME/Security+Working+Group

I hope that this facilitates the process compared to updating the wiki page directly 😉

 

Cheers

Markus

 

 

 


LFE Security Workshop

Shuli Goodman
 

I am canceling this meeting. Bart will follow up. Thanks,

LFE Security Workshop

When
Wed Sep 2, 2020 8am – 10am Pacific Time - Los Angeles
Who
sgoodman@... - organizer
security@...
Karsai, Gabor
Bart Luijkx
simon@...
This will be a workshop to do a security assessment for the digital twins project.

Details will come from Bart.


SaveTheDate for a European TSO / DSO "Cybersecurity: Data Sharing” webinar event on October 7th, 2020

boris.dolley@...
 



"Ce message est destiné exclusivement aux personnes ou entités auxquelles il est adressé et peut contenir des informations privilégiées ou confidentielles. Si vous avez reçu ce document par erreur, merci de nous l'indiquer par retour, de ne pas le transmettre et de procéder à sa destruction.

This message is solely intended for the use of the individual or entity to which it is addressed and may contain information that is privileged or confidential. If you have received this communication by error, please notify us immediately by electronic mail, do not disclose it and delete the original message."


Invitation: LFE Security Workshop @ Wed Sep 2, 2020 8am - 10am (PDT) (security@lists.lfenergy.org)

Shuli Goodman
 

You have been invited to the following event.

LFE Security Workshop

When
Wed Sep 2, 2020 8am – 10am Pacific Time - Los Angeles
Calendar
security@...
Who
sgoodman@... - organizer
security@...
This will be a workshop to do a security assessment for the digital twins project.

Details will come from Bart.

Going (security@...)?   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account security@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


Architecture meetings this week

Jeffrey Osier-Mixon <josiermixon@...>
 

Hi all - in preparation for the architecture meetings this week, I wanted to make sure everyone had the meetings on their calendars, the existing architecture deck, and the agenda for the meetings. Please let me know if you have any questions.

Meetings:

Monday 8:30am - 10:30am PDT - Functional Architecture
Monday 12:00pm - 2:00pm PDT - Technical Architecture
Thursday 8:30am - 10:00am PDT - Data Architecture
All meetings will be held on zoom: https://zoom.us/j/9332682426

A folder with agenda doc, taxonomy sheet, and original deck is here. I will be updating these during the meetings.
https://drive.google.com/drive/folders/1OWRASkas5iUGj7xsmu69oBDW5OpnD900  

Agenda: Functional Architecture
  • Welcome / introductions
  • What we have today:
    • Presentation of the existing HL Arch and taxonomy view
    • Clarify functional, technical. and data architecture 
    • Discussion on what is lacking (generation / behind the meter / other ideas)
  • Discussion on what we want to achieve:
    • Clarify goals & purpose
    • Expected outcomes
    • Expected deadlines
    • Link with actual standards (e.g. IEC 61968, CIM)
    • Present to larger community at open meeting March 18
  • Cross-functional organization of the work:
    • SIGs for specific topics (IoT, cloud, security) for technical layer
    • Single architecture group for functional layer, integrating technical contributions
  • First identified tasks:
    • Split existing high-level architeture into functional, technical, data layers 
    • Collaboration tools, how to work between meetings, meeting schedule
      • Archimate, github, visualization tools, shared docs
The agendas for further meetings will be determined by the first. Please feel free to suggest topics.

--
Jeffrey "Jefro" Osier-Mixon  |  Linux Foundation  |  linuxfoundation.org


Invitation: LF Energy Architecture @ Wed Mar 18, 2020 7:30am - 9am (PDT) (security@lists.lfenergy.org)

Jeffrey Osier-Mixon <josiermixon@...>
 

You have been invited to the following event.

LF Energy Architecture

When
Wed Mar 18, 2020 7:30am – 9am Pacific Time - Vancouver
Where
https://zoom.us/j/843337635 (map)
Calendar
security@...
Who
josiermixon@... - organizer
sgoodman@...
iot@...
arjan.stam@...
lucian.balea@...
architecture@...
justin.de.hoop@...
security@...
benoit.jeanson@...

──────────

Jeffrey Osier-Mixon is inviting you to a scheduled Zoom meeting.

Join Zoom Meeting
https://zoom.us/j/843337635

Meeting ID: 843 337 635

One tap mobile
+16699006833,,843337635# US (San Jose)
+16465588656,,843337635# US (New York)

Dial by your location
+1 669 900 6833 US (San Jose)
+1 646 558 8656 US (New York)
877 369 0926 US Toll-free
855 880 1246 US Toll-free
+1 647 558 0588 Canada
855 703 8985 Canada Toll-free
Meeting ID: 843 337 635
Find your local number: https://zoom.us/u/abrGsU8nPS


──────────

Going (security@...)?   Yes - Maybe - No    more options »

Invitation from Google Calendar

You are receiving this courtesy email at the account security@... because you are an attendee of this event.

To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://www.google.com/calendar/ and control your notification settings for your entire calendar.

Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn More.


Booting up architecture meetings

Jeffrey Osier-Mixon <josiermixon@...>
 

Hi folks - Shuli and I met today with Benoit and Justin to discuss the path forward for the LF Energy architecture discussions. We have a few other special-interest groups as well (security and iot) that are dependent on, and which feed into, the architecture discussion.

What we'd like to do to get all of these groups in sync is to start with an overall architecture meeting and discussion in a few weeks to do a level-set on the work already done and to lay the ground work for future discussions on all of these topics. After that, we can divide into separate discussions on security, iot, and other topics that the group will define, with the overall goal to form a comprehensive architecture for the power systems of the 21st century.

The current date is March 18 at 7:30am PST, 4:30pm CET. Hope to talk to you all then.

--
Jeffrey "Jefro" Osier-Mixon  |  Linux Foundation  |  linuxfoundation.org

1 - 10 of 10