# Capacity Building - Adam, Christopher, Joe, Shannon
## 2020 July 10
### Agenda
* Communication Channels & Preferences
* HackMD
* Synchronous: Signal (ChristopherA & Joe)
* Async: email (ChristopherA & Joe) & Github
* Capacity Building
* Spending resources & capacity on something without necessarily knowing the outcome or results, or even planning for that
* We don't know the outcomes
* Nature of this Capacity Building collaboration
* Limits
* ChristopherA: Focus on this summer, max one day a week
* Advancing the field is his core work (4 days/week)
* Adam: three buckets: consulting, advisory, advancing field
* Joe: how we work together, wants to understand the use cases, flow, frameworks for understanding the system.
* Identify risks, quantify risks, determine responses
* The Project Management Institute's method is domain-independent
* Shared Language, Artifacts, and Deep Context
* Shared Language
* ChristopherA's [post](http://www.lifewithalacrity.com/2009/09/creating-shared-language-and-shared-artiifacts.html)
* weaknesses
* We've had experience with this at RWOT
* We create white papers, but developing the shared language may be what's most important
* It's slippery and hard
* Trying to create a shared language runs into the fact that there's a dictionary definition, a set of different definitions in different communities, and a _correct_ definition
* Boundary Objects — A view into how different communities interoperate
* For example, dice are a boundary object (see "The Bones")
* We need to tell stories and connect them to emotions
* Shared Artifacts
* [RWOT](https://www.seagate.com/support/kb/how-can-i-factory-reset-my-wireless-plus-or-my-seagate-goflex-satellite-005975en/)
* weaknesses
* Deep Context
* ChristopherA's [post](http://www.lifewithalacrity.com/2014/06/deep-context-shared-languages.html)
* weaknesses
* Worst Powerpoint
* Something that gives you deeper understanding, but takes a lot of work to understand
* And even if we have a deep context, it can still reflect deeper understanding
* Exploring our language of risk management
* What does each of us call the top level of this? Why?
* https://hackmd.io/wMaVGtb_SdSuEUW0f29vQg
* Some harms do not quantify well
* Concerns with the word ADVERSARY
* Lists are incomplete
* Understanding of what they're going to do is inaccurate
* Lack shared context, so we misjudge what they're going to do
* But Christopher & Shannon may have a different definition of adversary. It's built from motive, and it's categorical. It's not the same as an attacker persona.
* Our goal was #1: to start with motivations, so that people could understand if they're actually impacted by an adversary
* #2: to create categories to standardize the problems and solutions
* (It may be adversary isn't the best word for this particular categorization & motivation exercise)
* Joe asks: are our adversaries a complete set? (He can't tell from our content.)
* Risk-modeling Language from #SmartCustody:

* One question: _who is doing the work?_ (of the threat modeling)
* Adam often works with engineers
* Technical
* Working in someone else's interests
* Christopher & Shannon often work with crypto-holders
* Might be non-technical
* Often working in their own interest
* Bounding what we might accomplish
* What is the problem we would like to solve
* threat modeling as a way to have a dialogue about tech systems and security with the aim of improving them.
* there is baggage in threat modeling community/shared language vs. cryptocurrency system
* We could take list of 20 questions for custodians and the list of adversaries and STRIDE
* We want to not just identify risks, but make our customers comfortable with having identified the risks
* Client would like something more iterative than completist
* They want us to dive in and get straight to stuff that really matters
* But of course we need to take a systematic approach to a certain extent
* Picking starting points
* Doing analysis
* Getting request for more
* So, we're not going to completely run through engagement model and risk model all at once
* Adam's approach might be:
* What is the system? What are we working on?
* What can go wrong?
* Build system models from Engagement model
* Analyze based on STRIDE & Adversary List as well as Christopher's list of questions for custodians
* Formally, Adam's approach:
* 1. What are we working on, 2. what can go wrong, 3. what are we going to do, 4. did we do a good job?
* Christopher's approach might be:
* What do customers want (engagement model)
* Include questions of legality like commingling
* Assess where cryptocurrency at rest
* Assess where cryptocurrency is moving
* Look at the risks based on these
* Pick two or three that we think have the greatest likelihood and consequence
* Adam already has a relationship with them, and we expect that we can work together in the same way
# Questions for Clients of Custodians (rough draft)
* What due diligence questions should you ask of a Digital Asset Custodial service provider?
* (rough start)
* key rotation schedule, if any
* key generation entropy quality
* software upgrade policy
* software archiving policy
* hardware archival quality (such as for long-term storage of relevant technologies for accessing the wallet etc)
* testnet testing procedures
* mainnet testing procedures
* accounting
* auditing of the organization maintaining custody, audit frequency
* which personnel have been hired, what are their contracts/terms, how long are they going to be employed, how are more people going to be hired in the future?
* procedures and documentation (do the coin owners have copies? who is allowed to have copies of these documents?)
* insurance and a copy of the insurance policy; who is the insurer?
* fees, terms, conditions around cold storage with a custody provider
* Where is the company located? Where are the offices?
* Who are the key personnel in the company?
* What should custody look like in 2018? What about in 2020? What should the expectations be for 2025?
* What custody services have failed and why?
### Action Items
Started:
* Not really a shared language yet
* Beginning a shared understanding of adversary, threat, different models, and where we're each coming from

Next week: Adam to talk to customer re contract:
1. Non-compete
2. Vuln disclosure
3. Start dates
4. Adam to send contract; we'll have to ensure that flow-throughs are set up appropriately

Blockchain Commons, LLC

Next Call:
* Adam to set a more specific agenda, send a Doodle for next call
* What's our project definition?
* What's the involvement level we need from them? (Including access to a scheduler)