Workshop on Security Incident Information Sharing (SIIS)

Friday, July 26, 2013, Berlin, Germany


High-profile data breaches and security incidents on the Internet are gaining increasing attention from the Internet community, but also from the public and from governments. Various cybersecurity initiatives that aim to improve security on the Internet, such as the EU Cybersecurity plan, have recently been launched. Sharing of security incident information is one of the measures intended to improve awareness and ensure a quicker response.

As related work, the IETF Messaging Abuse Reporting Format (MARF) working group has developed a standardized report format that enables automated processing of observed fraud, spam, virus or other abuse activity in email communication. The Extensible Messaging and Presence Protocol (XMPP) community has also gained experience with incident reporting.

Within the Internet Engineering Task Force (IETF) the Managed Incident Lightweight Exchange (MILE) working group has been chartered to develop standards and extensions for the purpose of improving incident information sharing and handling capabilities. The work in MILE builds on earlier work developed in the IETF Extended INCident Handling (INCH) working group. As a result of the standardization efforts, the Incident Object Description Exchange Format (IODEF) and the Real-time Inter-network Defense (RID) have been published. Several IODEF implementations are already available.

With the increased interest in incident information sharing, the workshop organizers believe it is a good time to organize a tutorial workshop to discuss the current state of the standardization and deployment efforts, to share operational experience, and to brainstorm about some upcoming activities, for example the planned work on standardizing a Security Content Automation Protocol (SACM). Ideally, participants will have gained a much better understanding of the big picture as a result of this tutorial workshop.

Workshop Style

This half-day workshop (starting at 12:00 and finishing at 18:30) aims to target the wider security community interested in learning more about the ongoing standardization and deployment efforts. You are particularly welcome if you are willing to engage in a discussion with other workshop participants.
The workshop will be structured as a series of sessions punctuated by invited speakers who will present background information to help participants reach a deeper understanding of the subject. Note that there is no possibility for remote participation.


Workshop Registration
Due to the room size limitations, we have a first-come, first-served policy for participation. Registration for SIIS is free of charge, but the organizers only provide the facility and no catering support. However, we kindly ask you to register to support us in better room planning.

You can register on

Saturday Social - IETF Warm-Up! BBQ@FU Berlin

The IETF Warm-Up is a casual social to meet colleagues and friends working on the Internet. You are cordially invited to join. The BBQ is sponsored by BCIX.

Please follow the registration on

Although the SIIS workshop and the social are attached to the IETF#87 meeting in Berlin, there is no requirement to register for the IETF meeting.


July 26, 2013

The slides of the talks are linked via the title of the presentations.
12:00 - 12:15 Welcome & Logistics (Matthias Wählisch, Freie Universität Berlin)
12:15 - 13:15 Overview of the work done in INCH and MILE on IODEF and RID (Kathleen Moriarty, EMC)
13:15 - 14:00 IODEF Use Examples (Kathleen Moriarty, EMC, and Ian Hardman, Blackthorn)
14:00 - 14:30 Break
15:30 - 16:30 Security Content Automation (Dave Waltermire, NIST)
16:30 - 17:00 Break
17:45 - 18:30 Next steps (Brian Trammell, ETH Zurich)
19:00 Group Dinner at a nearby beer garden. This is not sponsored ;), you pay on your own.

July 27, 2013

19:00 IETF Warm-Up! BBQ@Freie Universität Berlin. Sponsored by BCIX. Separate registration required.

Meeting Venue

SIIS will take place at Freie Universität Berlin at the Institute of Computer Science. The official address of the institute is Takustr. 9, 14195 Berlin, Germany.

Building/Room Number

Computer Science Main Building, Room 005.

General Directions to Freie Universität Berlin

You find detailed directions from airports and main train stations to the venue at

Traveling Between IETF Venue and Freie Universität Berlin

Traveling from the IETF venue to the Freie Universität Berlin takes about 30 minutes. It includes one metro ride.

From the Hotel InterContinental walk to metro station Wittenbergplatz and take the metro line U3 towards Krumme Lanke. Get off at station Dahlem Dorf and walk to the venue.

You find more details in the Google map.

Workshop Organizers

As members of the workshop committee we look forward to your input:

  • Patrick Curry (British Business Federation Authority)
  • Kathleen Moriarty (EMC, Co-Chair of the IETF MILE working group)
  • Brian Trammell (ETH Zurich, Co-Chair of the IETF MILE working group)
  • Hannes Tschofenig (Nokia Siemens Networks, Co-Chair of the IETF OAuth Working Group, Member of the Internet Architecture Board)
  • Sean Turner (IECA Inc., IETF Security Area Director)
  • Matthias Wählisch (Freie Universität Berlin)



In case of questions feel free to contact hannes.tschofenig AT