The XSDs are provided to you “as is” with no warranties whatsoever, including any warranty of merchantability, non-infringement, or fitness for any particular purpose. The authors of the XSDs disclaim all liability, including liability for infringement of any proprietary rights, relating to use or implementation of information in the XSDs.
XSD, XML and JSON artifacts are licensed under the Creative Commons V4.0 license
All artifacts in this repository are Copyright Reliable Energy Analytics LLC (REA) 2018-2022
Richard “Dick” Brooks is a CMU/SEI certified Professional Software Architect with over 40 years of software engineering accomplishments, primarily serving the critical infrastructure industry with solutions for cyber-risk detection, secure message exchange, analytics (both data and cybersecurity) and enterprise architecture design/implementation and cybersecurity risk management. He is the Lead Software Engineer responsible for the Business Cyber Guardian (TM) (BCG) (TM) flagship product, the SAG-PM(TM) software supply chain risk assessment (C-SCRM + SBOM) application used to comply with SEC Cybersecurity Disclosure Regulations (17 CFR 229.106), Executive Order 14028 and NERC CIP-010-3, R1, Part 1.6 software verification requirements, following the NIST Cybersecurity Framework V1.1 and NIST SP 800-161r1, released in May 2022. He currently serves on CISA's ICT_SCRM Task Force, CISA's Critical Manufacturing Sector Coordinating Council and the IETF Supply Chain Integrity, Transparency and Trust (SCITT) work group.
Patents issued by USPTO:
Patent: 11,374,961 METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY
In 1993, as a Senior Software Consultant with Digital Equipment Corporation, he participated in the Internet Engineering Task Force (IETF) on the design and development of RFC 1767 MIME Encapsulation of EDI Objects and RFC 4130 EDIINT AS2. While serving as the Chief Technical Officer of TECH-COMM Inc, he co-chaired the GISB Electronic Delivery Mechanism (EDM) committee to exchange EDI data over the Internet, which was adopted as a FERC regulation under CFR Title 18 Part 284 and Wholesale Electric Standards, CFR Title 18 Part 38. He was co-founder and Chief Technical Officer of Group 8760 where he led development of the Company’s market-leading B2B software product, Inside Agent, a NAESB EDM software package that reliably processes $65 Billion in transactions annually. He gained international acclaim as a co-author of the UN/CEFACT - OASIS ebXML Message Service Specification and was appointed to serve as the liaison assigned to the World Wide Web Consortium where he coordinated the convergence of ebXML and SOAP. The ebXML MSS has been adopted by the IEC as Technical Standard 62325-502:2005, a standard for energy industry communications. The ebXML MSS has seen widespread adoption across the European Energy industry ENTSOG. Serving under Dave Darnell of Systrends he worked as an Advisor to Eirgrid, the ISO for Ireland, where he developed a framework for the Company’s Security Architecture.
In 2004 he joined ISO New England as the Company’s Enterprise Architect, serving under Eugene Litvinov, where he developed and successfully implemented the Company’s enterprise-wide Service Oriented Architecture, co-authored the Company’s Smart Grid white paper, co-authored an award-winning DOE Smart Grid funding proposal to install PMU devices, served as a software architect for ISO New England’s Forward Capacity Market Clearing Engine, and led industry-wide standards development at NAESB, which earned him an ANSI Meritorious Service Award, and the ISO/RTO Council (Enterprise Architecture Standards V1.0). He represented ISO New England on the NIST Smart Grid Interoperability Panel and helped set the stage for standards to accommodate ISO/RTO Smart Grid operations, as well as other grid operations. As a Technical Lead and Principal Information Architect he led development of ISO New England’s Business Intelligence and Data Analytics platform over eight years and created the most widely utilized analysis used throughout ISO New England, the Market Monitoring Department FPA Viewer.
He has served within NAESB as Vice Chairman of the Wholesale Electric Quadrant Executive Committee, chairs the Business Practices Subcommittee and has been an active member of NAESB’s cybersecurity sub-committee, responsible for the WEQ-012 PKI standards, since 2001. He is an active member of the Energy Central Community where he publishes reports, white papers and blog posts. He has been a member of the IEEE and ACM for over 30 years.
REA is a Company dedicated to supporting Energy Industry stakeholders with their cybersecurity analytic requirements. Dick Brooks, the Co-Founder of REA, is a technical leader with extensive experience designing and building Business Intelligence, Data and Risk Analytic Platforms, Cybersecurity solutions and Enterprise Architectures. He continues to lead the development of energy industry standards at NAESB and in committee meetings where market rules and industry standards are being developed. He is the primary author of the "Always on Capacity Exchange" concept under consideration by NAESB for the 2020 Annual Plan; an overview presentation of AOCE is also available from NAESB. Dick currently serves as the NAESB Wholesale Electric Quadrant (WEQ) Executive Committee, Vice Chairman, Chairman of the WEQ Business Practices Subcommittee and an active participant within the WEQ Cybersecurity Subcommittee. REA is also a registered NERC entity and a member of the Northeast Power Coordinating Council, Task Force on Infrastructure Security and Technology (TFIST). In 2020 he re-joined OASIS-Open to work on industry standards for the automated reporting of cyber incidents as part of the OASIS Cyber Threat Intelligence (CTI) TC STIX/TAXII standards to programmatically submit "attempt to compromise" alerts to CISA ICS-CERT, in accordance with NERC CIP-008-6. He also actively participates in the Department of Commerce NTIA Software Transparency (SBOM) initiative.
Dick is the lead software engineer responsible for REA's software product, the Software Assurance Guardian (TM) Point Man (TM) (SAG-PM)(TM) software, a software supply chain risk assessment and management platform for the verification of software integrity and authenticity applying NIST Cybersecurity Framework guidelines to augment NERC CIP-010-3 R1, Part 1.6 as suggested by FERC in their 6/18/2020 White Paper, see docket AD20-19-000. A trust score, called a SAGScore (similar to a FICO score), provides Companies with a trustworthiness score for software objects before any attempt to install a software object in a computing system, affording a Company the opportunity to make a risk based decision to install, or not install, a software object. Version 1.1.0 of SAG-PM(TM) containing full support for NTIA supported SBOM formats, SPDX and CycloneDX, was released on April 30, 2021; the SAG-PM(TM) V1.1.0 press release is available here. REA continues to implement C-SCRM best practices to protect the software supply chain, in accordance with the May 12, 2021 Cybersecurity Executive Order emphasizing the use of SBOM for C-SCRM product-centric risk assessments. The recent announcement of SAG-CTR(TM), the Community Trust Registry for the SAG-PM(TM) user community, enables parties to register their trust in a specific software package and digital signature combination, forming a bonded trust relationship, which other SAG-PM(TM) users can query. The more "trusting parties", the higher the Trustworthiness level. Software packages that receive a critical mass of trust declarations are eligible to receive the SAG-STAR(TM) label, indicating the highest degree of community trust. The SAG-PM (TM) software currently stands at version 1.2 with full support for OMB M-22-18 requirements for NIST Guidance to satisfy Executive Order 14028.
Additional information is also available in an Energy Central Experts Forum interview of Dick Brooks conducted in September, 2019.
Dick remains an active member of the Energy Central Community and is one of only a handful of Community Experts with more than 500,000 views of his Energy Central postings and articles.