Richard “Dick” Brooks is a CMU/SEI certified Professional Software Architect with over 40 years of software engineering accomplishments, primarily serving the Energy industry with solutions for secure message exchange, analytics (both data and cybersecurity) and enterprise architecture design/implementation. He is the Lead Software Engineer responsible for the SAG-PM(TM) software supply chain risk assessment application used to comply with NERC CIP-010-3, R1, Part 1.6 software verification requirements, following the NIST Cybersecurity Framework V1.1.
In 1993, as a Senior Software Consultant with Digital Equipment Corporation, he participated in the Internet Engineering Task Force (IETF) on the design and development of RFC 1767 MIME Encapsulation of EDI Objects and RFC 4130 EDIINT AS2. While serving as the Chief Technical Officer of TECH-COMM Inc, he co-chaired the GISB Electronic Delivery Mechanism (EDM) committee to exchange EDI data over the Internet, which was adopted as a FERC regulation under CFR Title 18 Part 284. He was co-founder and Chief Technical Officer of Group 8760, where he led development of the Company’s market-leading B2B software product, Inside Agent, a NAESB EDM software package that reliably processes $65 Billion in transactions annually. He gained international acclaim as a co-author of the UN/CEFACT - OASIS ebXML Message Service Specification and was appointed to serve as the liaison assigned to the World Wide Web Consortium, where he coordinated the convergence of ebXML and SOAP. The ebXML MSS has been adopted by the IEC as Technical Standard 62325-502:2005, a standard for energy industry communications. The ebXML MSS has seen widespread adoption across the European Energy industry (ENTSOG). Serving under Dave Darnell of Systrends, he worked as an Advisor to Eirgrid, the ISO for Ireland, where he developed a framework for the Company’s Security Architecture. In 2004 he joined ISO New England as the Company’s Enterprise Architect, serving under Eugene Litvinov, where he developed and successfully implemented the Company’s enterprise-wide Service Oriented Architecture, co-authored the Company’s Smart Grid white paper, co-authored an award-winning DOE Smart Grid funding proposal to install PMU devices, served as a software architect for ISO New England’s Forward Capacity Market Clearing Engine, and led industry-wide standards development at NAESB, which earned him an ANSI Meritorious Service Award, and the ISO/RTO Council (Enterprise Architecture Standards V1.0).
He represented ISO New England on the NIST Smart Grid Interoperability Panel and helped set the stage for standards to accommodate ISO/RTO Smart Grid operations, as well as other grid operations. As a Technical Lead and Principal Information Architect he led development of ISO New England’s Business Intelligence and Data Analytics platform over eight years and created the most widely utilized analysis used throughout ISO New England, the Market Monitoring Department FPA Viewer.
Patents filed with the USPTO:
METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY
He currently serves within NAESB as Vice Chairman of the Wholesale Electric Quadrant Executive Committee, chairs the Business Practices Subcommittee, and has been an active member of NAESB’s Cybersecurity Subcommittee, responsible for the WEQ-012 PKI standards, since 2001. He is an active member of the Energy Central Community, where he publishes reports, white papers and blog posts. He has been a member of the IEEE and ACM for over 30 years.
REA is a Company dedicated to supporting Energy Industry stakeholders with their cybersecurity analytic requirements. Dick Brooks, the Co-Founder of REA, is a technical leader with extensive experience designing and building Business Intelligence, Data and Risk Analytic Platforms, Cybersecurity solutions and Enterprise Architectures. He continues to lead the development of energy industry standards at NAESB and in committee meetings where market rules and industry standards are being developed. He is the primary author of the "Always on Capacity Exchange" (AOCE) concept under consideration by NAESB for the 2020 Annual Plan; an overview presentation of AOCE is also available from NAESB. Dick currently serves as Vice Chairman of the NAESB Wholesale Electric Quadrant (WEQ) Executive Committee and Chairman of the WEQ Business Practices Subcommittee, and is an active participant within the WEQ Cybersecurity Subcommittee. REA is also a registered NERC entity and a member of the Northeast Power Coordinating Council, Task Force on Infrastructure Security and Technology (TFIST). In 2020 he re-joined OASIS-Open to work on industry standards for the automated reporting of cyber incidents as part of the OASIS Cyber Threat Intelligence (CTI) TC STIX/TAXII standards to programmatically submit "attempt to compromise" alerts to CISA ICS-CERT, in accordance with NERC CIP-008-6. He also actively participates in the Department of Commerce NTIA Software Transparency (SBOM) initiative.
Dick is the lead software engineer responsible for REA's software product, the Software Assurance Guardian (TM) Point Man (TM) (SAG-PM(TM)) software, a software supply chain risk assessment and management platform for the verification of software integrity and authenticity, applying NIST Cybersecurity Framework guidelines to augment NERC CIP-010-3 R1, Part 1.6 as suggested by FERC in their 6/18/2020 White Paper (see docket AD20-19-000). A trust score, called a SAGScore (similar to a FICO score), provides Companies with a trustworthiness score for software objects before any attempt to install a software object in a computing system, affording a Company the opportunity to make a risk-based decision to install, or not install, a software object. Version 1.1.0 of SAG-PM(TM), containing full support for the NTIA-supported SBOM formats SPDX and CycloneDX, was released on April 30, 2021; the SAG-PM(TM) V1.1.0 press release is available here.
Additional information is also available in an Energy Central Experts Forum interview of Dick Brooks conducted in September, 2019.