Page History

List of attendees:

• Peter Szegedi - TERENA
• Ingimar Jónsson - RHnet/University of Iceland
• Christoph Graf - SWITCH
• Romain Wartel - CERN
• Marius Urkis - LITNET
• Stefan Winter - RESTENA
• Cynthia Wagner - Fondation RESTENA
• Jovana Palibrk - Academic Network of Serbia
• Valentino Cavalli - TERENA
• Dave Mifsud - University of Malta
• Esther Robles Blazquez - RedIRIS
• Andrea Kropáčová - CESNET, a. l. e.
• Wayne Routly - DANTEMichael Nowlan - TERENA
• Robert cowles - BrightLite Information Security
• Dominique Launay - RENATER
• Piotr Strzyżewski - PIONIER Consortium
• Claudio Allocchio - GARR
• Christian Panigl - ACOnet
• Albert Hankel - SURFnet bv
• Jari Miettinen - CSC - IT Center for Science Ltd.
• Tomas P. de Miguel - RedIRIS
• Janos Mohacsi - NIIF/HUNGARNET
• Alf Moens - SURF (via video)
• Wayne Routly - DANTE

Notes:

After a brief introduction to the TERENA CISO group initiative given by Wayne Routly (DANTE),  Alf Moens (SURF) elaborated on the main drivers and objectives of such a group of high-level security experts. Building trusted relationship and coordination within and beyond the NRENs’ security teams is the most important aspect. Advocating the use of standards and sharing tangible implementation practices would be the key, besides trying to agree on common policy requirements. There is a growing demand and pressure on the NRENs from the universities to be able to talk to one single CISO person at managerial level. Coordination and clear escalation paths are as much important as swift policy decisions and compliance with the corresponding EC directives. There is a need for a dedicated role and a single person (i.e. contact/decision point) at NRENs to achieve and maintain the necessary trust level for the national as well as international user community.

Peter Szegedi (TERENA) threw the open question to the audience on how to proceed and asked for a roll call. SWITCH, GARR, SURF and RENATER noted that they already have a dedicated CISO person and the majority of the other NREN representatives were interested in finding an overall structure for their internal security related activities including CSIRT and NOC. NIIF mentioned that they have an official ISO certification that would be the good example to follow by others. Christoph Graf (SWITCH) commented that creating a TERENA Special Interest Group (SIG) would indeed be more appropriate than a task force at this stage. A quick show of hands indicated that about 80% of the attendees would participate in such a SIG.

Albert Hankel (SURFnet) said that SURFnet is willing to organize an “NREN Security Strategy Workshop” after the summer where all the interested NRENs are invited to. This meeting can also be the official kick-off meeting for the new TERENA CISO SIG. Alf Moens (SURF) and Wayne Routly (DANTE) volunteered to coordinate the workshop preparation and later on participate in the Steering Committee of the new SIG.

The logistic details of the SURFnet Workshop will soon be circulated on the TERENA CISO mailing list. Everybody is welcome to join the mailing list.