International Standardization Council

Minutes from the ISC Meeting November 16, 2023


    Posted Nov 17, 2023 08:36:00 AM

    Meeting Summary for International Standards Council Monthly Meeting
    Nov 16, 2023 08:56:40 Central Time (US and Canada) ID: 871 7560 3515

    Attendees: Eric Hibbard (Samsung), John DiMaria, Jim Angle, Claude Baudoin, Kurt Seifried, CA and SC7 Liaison Steven Woodward, Rachelle Summers

    Quick recap
    John and Eric discussed the standard 20996 and its potential availability at the ISO level. They also planned to delve into the AI situation in relation to the healthcare industry. Eric provided updates on various documents and certifications being processed in the US, including a document on the 14th of December and the progress of FIPS 140 and the 19790 document. Eric and John reviewed the progress of the CSA IoT committee and touched on operational resilience. They also discussed the internationalization of zero trust and the differences between US and international standards. Kurt and Eric delved into the challenges of verifying the authenticity of AI-generated content and its potential impact on their work. They voiced concerns about intellectual property rights and copyright issues, especially in relation to standards development. Claude reported the passing of Richard, a founder of the organization, due to a health accident. He also discussed his ongoing collaboration with NCX.9F.4 on a standard about cloud management and security for financial institutions. John discussed the need to update the list of liaison officers for the various working groups and expressed uncertainty about who should fill the roles. Towards the end, they agreed to schedule a follow-up meeting on the 20th to discuss updates on operational resilience.

    Summary

    Discussion on ISO Standard 20996 and AI in Healthcare

    John and Eric had a discussion about the standard 22989. John was unsure if it was available at the ISO level. Eric suggested it would probably be at the FDIS level if it existed. They also planned to discuss the AI situation at length, specifically in relation to the healthcare industry. Eric reported that the security and privacy aspect of their work was quiet at the moment but noted interest in some areas. He mentioned that comments on the 27017 CD were due by the ninth or tenth of December. This standard is a code of practice for information security controls based on ISO 27002 for cloud services. Other participants, including Jim and Kurt, joined the meeting later.

    Document Processing and Plenary Meeting Updates

    Eric provided updates on various documents and certifications being processed in the US. He mentioned that the US will be processing a document on the 14th of December. He also informed John about the plenary meeting in April, which will be held in Berlin, and that there may be one or two work groups meeting in person before the main meeting. Furthermore, Eric discussed the 27404 project, which is a consumer IoT labeling framework, and mentioned that the third working draft is available, with the ballot closing in early January. Eric also informed John about a series of meetings scheduled for the editing session to get to the CD stage by the April meeting.

    Progress and Resilience: IoT Committee and Operation Resilience

    Eric and John reviewed the progress of the CSA IoT committee, with Eric noting significant positive developments. They also discussed operational resilience, with John expressing interest in promoting it to Hillary's group. Eric shared that he had not heard anything about operational resilience for a while but mentioned a new work proposal related to business continuity and resilience, for which he had been part of the editing team. The formation of a new project called Operation Resilience was also discussed, aiming to scope the topic of operational resilience and create a framework for it. Eric has been working with Steve Diamond, chair of the Computing standards committee, to push this project forward. By the next SC 38 meeting in March, Eric hoped they could discuss how to involve SC 38, with John and Claude showing interest in participating. Eric also touched on the internationalization of zero trust and the differences between US and international standards.

    OCP, CSA, and AI Policy Discussions

    Eric and Kurt discussed the Open Compute Project, which involves hyperscalers driving specifications for their supply chain. John asked if there is any cross-talk between OCP and CSA, and Eric mentioned that OCP has recently created an assessment activity called OCP Safe, which might be worth considering for CSA. They also discussed the use of AI for policy-making in the Canadian Federal Government, mentioning that AI can be used to help inform policy but not directly write it. Kurt mentioned that they are planning to use AI at the CSA and wants to label where AI was used to generate decisions. Eric shared a summary of AI-related projects from the American Bar Association and the National Institute of Robotics. Kurt shared his experience with ChatGPT, a search engine that made up fake sources and apologized for giving him the real ones.

    Authenticity, Intellectual Property, and AI-Generated Content

    Kurt and Eric delved into the challenges of verifying the authenticity of AI-generated content and its potential impact on their work. They voiced concerns about intellectual property rights and copyright issues, especially in relation to standards development. Kurt pointed out the difficulties in proving the origin of the content and the possible legal implications if copyrighted material was inadvertently included in a standard. Eric noted the possibility of using AI for language cleanup but stressed the need for caution to avoid unintentional alteration of the meaning. In addition, Eric, Kurt, and John discussed the potential issues surrounding the use of AI in content generation and the difficulties in detecting AI-generated content. They also emphasized the importance of transparency, feedback loops, and due diligence to ensure the authenticity and quality of the content. John highlighted that these issues might be resolved in court, and Eric mentioned the American Bar Association's newly formed AI Task Force aimed at providing guidance on the use of AI.

    Projects, Tribute, Collaboration, Standards, and Voting

    John and Claude discussed several ongoing projects. Claude reported the passing of Richard, a founder of the organization, due to a health accident. He also discussed his ongoing collaboration with ANSI X9 on a standard about cloud management and security for financial institutions. Lastly, Claude informed the team about a ballot going on related to a standard and asked for representatives from CSA to vote.

    Voter Status Uncertainty and Adaptive Management Concerns

    Claude clarified that due to uncertainty around Troy's voter status within the X9 group, it was necessary for him to confirm his credentials with the liaison person he has been communicating with. Claude also mentioned that he would send John and Eric the link to the ANSI X9 ballot version or the next X9F ballot version for Troy's use. Additionally, Claude expressed concern over potential overlap between their work on adaptive management for cloud computing and that of other groups. The conversation ended with Eric questioning whether CSA had joined X9, as liaisons cannot vote, but contribute valuable comments. Claude promised to forward a message from Jeffolton of Wells Fargo, a co-chair of X9, to John and Eric for further clarification.

    Liaison Officer Update and Working Group Discussion

    John discussed the need to update the list of liaison officers for the various working groups and expressed uncertainty about who should fill the roles. He also offered to share the document with the team for review and suggested that anyone interested in being a liaison for a particular working group should let him know. In the end, Eric asked about the existence of a circularity-focused working group in CSA, to which John expressed uncertainty and offered to check.

    Drive Reuse, Data Security, and Operation Resilience

    Eric and John discussed the challenges and considerations around reusing drives. Kurt added that data disruption and destruction are not within their scope, but it needs to be done securely. John mentioned that he sent out a copy of the NIST Public Draft CSF 2.0 for review and invited comments. Towards the end, they agreed to schedule a follow-up meeting on the 20th to discuss updates on operational resilience.

    Next Steps
    John will provide an updated Liaison report for all members to review and decide if they want to volunteer for any of the groups as an ISC Liaison.

    Next meeting will be December 21st. Close to the holiday, but Eric may have an update on the IEEE collaboration on operational resilience, so it was decided to hold the call.



    ------------------------------
    JOHN DIMARIA
    ME
    CSA
    ------------------------------