<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
h1
        {mso-style-priority:9;
        mso-style-link:"Heading 1 Char";
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:24.0pt;
        font-family:"Times New Roman","serif";
        font-weight:bold;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
span.Heading1Char
        {mso-style-name:"Heading 1 Char";
        mso-style-priority:9;
        mso-style-link:"Heading 1";
        font-family:"Times New Roman","serif";
        font-weight:bold;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>The CA/Browser Forum has started a new working group to discuss the logistics of sharing infosec-related information among members of the CA/Browser Forum.  Just as a heads-up, a lot of the discussion will be about how to structure a system that minimizes the potential for legal liability (e.g. libel, unfairness/lack of due process, etc.).   The discussions will be public, but in order to participate and fully contribute, you will need to indicate your interest in participating.  Please send me an email off-list, and I’ll add you as a working group participant.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>If you are unfamiliar with this topic and would like to learn more, here are some resources:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>CRS: Report for Congress, Prepared for Members and Committees of Congress<o:p></o:p></b></p><p class=MsoNormal><b>Cybersecurity: Selected Legal Issues</b>, beginning at page 26 - <a href="http://www.law.umaryland.edu/marshall/crsreports/crsdocuments/R42409_04202012.pdf">http://www.law.umaryland.edu/marshall/crsreports/crsdocuments/R42409_04202012.pdf</a> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b>Evaluating the Impact of Cybersecurity Information Sharing on Cyber Incidents and Their Consequences</b><b><span style='font-size:13.5pt;font-family:"Times New Roman","serif"'> - </span></b><a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2418357">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2418357</a> <o:p></o:p></p><p><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Rethinking FS-ISAC: An IT Security Information Sharing Network Model for the Financial Services Sector</span></b> - <a href="http://aisel.aisnet.org/cais/vol34/iss1/2">http://aisel.aisnet.org/cais/vol34/iss1/2</a> <o:p></o:p></p><p><b><span style='font-family:"Calibri","sans-serif"'>Legal Issues Associated with Data Collection & Sharing - </span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><a href="http://www.syssec-project.eu/m/page-media/23/bic2011-09-westby.pdf">http://www.syssec-project.eu/m/page-media/23/bic2011-09-westby.pdf</a> <o:p></o:p></span></p><p><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Incentive Mechanism Design Based on Repeated Game Theory in Security Information Sharing</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> - <a href="http://www.atlantis-press.com/php/download_paper.php?id=7740">http://www.atlantis-press.com/php/download_paper.php?id=7740</a> <o:p></o:p></span></p><p><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Designing a Formal Model Facilitating Collaborative Information Sharing for Community Cyber Security</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> - <a href="http://www.computer.org/csdl/proceedings/hicss/2014/2504/00/2504b987.pdf">http://www.computer.org/csdl/proceedings/hicss/2014/2504/00/2504b987.pdf</a> <o:p></o:p></span></p><p><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Towards Improved Cyber Security Information Sharing</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> - <a href="http://www.ccdcoe.org/publications/2013proceedings/d3r1s5_dandurand.pdf">http://www.ccdcoe.org/publications/2013proceedings/d3r1s5_dandurand.pdf</a> <o:p></o:p></span></p><p class=MsoNormal><b>Information Sharing Models for Cooperative Cyber Defence</b> - <a href="http://www.ccdcoe.org/publications/2013proceedings/d1r2s2_hernandezardieta.pdf">http://www.ccdcoe.org/publications/2013proceedings/d1r2s2_hernandezardieta.pdf</a> <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>Draft Recommendation ITU-T X.1500 [X.cybex], Cybersecurity information exchange framework </b>- <a href="http://www.ietf.org/mail-archive/web/scap_interest/current/doc9OXVaIF1qq.doc">http://www.ietf.org/mail-archive/web/scap_interest/current/doc9OXVaIF1qq.doc</a> <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>ISAC Council</b> - <a href="http://www.isaccouncil.org/memberisacs.html">http://www.isaccouncil.org/memberisacs.html</a> <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>ENISA – Flair for Sharing - </b><a href="http://www.enisa.europa.eu/activities/cert/support/fight-against-cybercrime/legal-information-sharing/legal-information-sharing-1/at_download/fullReport">http://www.enisa.europa.eu/activities/cert/support/fight-against-cybercrime/legal-information-sharing/legal-information-sharing-1/at_download/fullReport</a> <o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b>Incentives and Challenges for Information Sharing in the Context of Network and Information Security</b> - <a href="http://www.enisa.europa.eu/activities/Resilience-and-CIIP/public-private-partnership/information-sharing-exchange/incentives-and-barriers-to-information-sharing">http://www.enisa.europa.eu/activities/Resilience-and-CIIP/public-private-partnership/information-sharing-exchange/incentives-and-barriers-to-information-sharing</a> <o:p></o:p></p></div></body></html>