While the initial mix of industry attendees was of.. varied technical knowledge.. I was pleasantly surprised by the level of preparation by the BSI. None of them were networkers, but they did have a clear agenda and a pretty good idea of what they wanted to know.
During the first round-table, they went through
- This is our idea of what we think SDN is
- Is SDN a fad or here to stay?
- What does the industry think about SDN?
- What are the current, future, and potential benefits of SDN?
- What are the current, future, and potential risks of SDN?
- How can SDN improve the security of critical infrastructure?
- How can you ensure that the whole stack from hardware through data plane to control plane can be trusted?
- How can critical parts of the SDN stack be developed in, or strongly influenced from, players in Germany or at least Europe?
Yes, some of those questions are rather basic and/or generic, but that was on purpose. The mix of clear expectations and open-ended questions was quite effective at getting at what they wanted to know.
During lunch, we touched on the more general topic of how to reach and interact with technical audiences, with regards to both networks and software. The obvious answer for initial contact in regards to networks was DENOG; which they didn't know about.
With software, the answer is not quite as simple. My suggestion was to engage in a positive way and thus build trust over time. Their clear advantage is that, contrary to most other services, their raison d'être is purely defensive and non-military so they can focus on audits, support of key pieces of software, and, most important of all, talk about their results. No idea if they will actually pursue this, but here's to hoping; we could all use more government players on the good side.