International Standardization Council

Date: Thursday, 17th October 2024, 09:58- 10:45 GMT-05:00
Attendees: John DiMaria, Claude Baudoin, Eric Hibbard, Shamun Mahmud (He/him/his), 15142414408, aashitajain

Meeting Summary

The meeting covered several key topics, starting with an overview of the SC27 and SC38 projects, highlighting ongoing work on privacy and identity management standards, including the progress of documents like 27017 and 27018, and the challenges faced during revisions. Updates on ITU-T recommendations were discussed, including changes in publication dates and titles, with a focus on the implications for cybersecurity and privacy standards. Eric Hibbard addressed the separation of SC27 and SC27701 standards, the status of SC38 projects, and the limitations of technical reports. Cybersecurity challenges in transit systems were raised, particularly regarding SCADA devices, with suggestions for further research. Updates on AI and cloud security papers indicated scope challenges and potential delays in approval. The standardization process was discussed, emphasizing the need for a permanent committee head and updates to liaison agreements. Finally, upcoming meetings were scheduled, including a March meeting and the SC27 meeting, with coordination efforts for participation.

Next steps

• Eric mentioned that the cloud computing security working group is developing content for a cloud operational resilience framework, with a draft recently posted. 
• Shamun Mahmud proposed the idea of potentially writing a paper on the cybersecurity vulnerabilities in transit systems, indicating a proactive approach to address the identified issues. 
• Claude Baudoin indicated that there is a need for a rewrite of the AI paper to ensure it focuses on the intersection of AI and cloud, and he expects to have significant editing work ahead to shape the paper appropriately. 
• Claude Baudoin mentioned that the revision of the security in the cloud paper is ongoing, with contributions from various members, and emphasized the importance of updating it to reflect recent developments in cybersecurity. 
• Claude Baudoin stated that he will ensure to add John DiMaria and Eric to the invitation for the December meeting, as well as update the liaison agreement with new contact information. 
• John DiMaria committed to ensuring that the meetings run smoothly until a new head is appointed, indicating his willingness to take on responsibilities in the interim. 
• Claude Baudoin will send a calendar invite for the cloud working group meeting to the OMG mailing list and to the participants, ensuring everyone is informed and can participate as desired.