OASIS KICKOFF
7 June 2017

Agenda (1 of 2)

Time  | Topic | Presenter
13:00 | Call to Order and Request Volunteer to capture notes |
13:00 | Introductions and Roll Call | Joe Brule
13:10 | Election of Co-chairs | Chet Ensign to conduct election
13:15 | Election of Subcommittee co-chairs and executive secretary | OpenC2 TC Chair to conduct election
13:25 | Welcome from OASIS Staff | Chet Ensign
13:40 | Review of Charter | Joe Brule
13:45 | Operating Tempo | Chair
13:55 | OpenC2 Overview | Presented by appropriate chairs
      | Language Description | Joe Brule

Agenda (2 of 2)

Time  | Topic | Presenter
13:55 | OpenC2 Overview (cont.) |
      | Summary of Collaboration Tools |
14:20 | Poll members for new business | Chair
14:25 | Action Item Review | Executive Secretary
14:30 | Adjourn |

Call to Order and Introductions
Joe Brule

Elections
Chet Ensign

Election Candidates and Outcome (1 of 2)
- TC Co-Chairs: Joe Brule (elected), Sounil Yu (elected), Bret Jordan, Jyoti Verma
- Executive Secretary: Joyce Fai (elected)

Election Candidates and Outcome (2 of 2)

- Language Description Document SC / Actuator Profile SC: Jason Romano (elected), Duncan Sparrell (elected), David Kemp (elected), Jyoti Verma (elected)
- Implementation Considerations SC: Dave Lemire (elected), Bret Jordan (floor nominated, elected), Allan Thomson (floor nominated, declined), Duncan Sparrell (withdrawn)

Welcome from OASIS Staff
Chet Ensign

Review of Charter
Joe Brule

OpenC2 Charter (posted on OASIS, 1 of 2)
- Purpose: create a standardized language for the command and control of technologies that provide or support cyber defenses
- Scope:
  - draft documents, specifications, lexicons or other artifacts to fulfill the needs of cyber security command and control in a standardized manner
  - identifying gaps pertaining to the command and control of technologies is within [scope]

OpenC2 Charter (2 of 2)

- Deliverables:
  - Language Description Document (LDD)
  - Security Considerations (aka IA Implementation Considerations document)
  - Implementation Considerations
  - Schema
- Subcommittees:
  - Language Description Document
  - Actuator Profiles
  - Implementation Considerations
- Maintain appropriate libraries and repositories

Operating Tempo
Joe Brule

Operating Tempo Agenda

- Constraints
- Proposed Schedule
- Way forward
- Standing Rule
Constraints

- Accommodate time zones
  - Three Hours early
  - Six Hours late
  - Far East
- Avoid Conflicts
  - CTI TC
  - Technical Committee and Subcommittees

Meeting Schedule

Proposed Schedule
- Technical Committee as a whole: 2nd Thurs of the month at 11:00 Eastern (60 minutes)
- Language Description Document: First and Third Tuesday at 11:00 Eastern (60 minutes)
- Actuator Profile: 2nd and 4th Wednesday at 11:00 Eastern (60 minutes)
- Implementation Considerations: First and 3rd Wednesday at 11:00 Eastern (60 minutes)
- Actual tempo TBD by the Subcommittee Chairs

Standing Rule

- Rough Consent: RFC 7282: Lack of disagreement is more important than agreement
- Encourage Deliberation at the SC level
- Present artifacts a minimum of 7 days prior to the TC meeting
- Call for Objections with 25% threshold (of members present) at the TC level (are there any objections?)
- Call to Question: Accept, Reject, Send back
- Standing rules can be suspended on a per issue basis, at the discretion of the chairs

OpenC2 Overview
Joe Brule

OpenC2 Overview

- Reference Materials
- Focus/Principles
  - Machine to Machine Commanding
  - Abstractions that decouple the command
  - Agnostic
  - Interoperability
- External Dependencies/Assumptions
  - Decision has been made
  - The action is warranted
  - The transport is secure

OpenC2 Focuses on Machine to Machine Commanding

- STIX: Standard Threat INTEL object; Supports Analysis
- TAXII: Standard Transport protocol; Supports Secure Exchange
- OpenC2: Standard Command Language; Supports Acting
- OpenC2 is part of a Suite of OASIS Standards

Way Forward

- Executive Secretary
  - Call for topics and draft agenda
  - Capture and track actions
- Near term Subcommittee Tasks
  - Transfer Artifacts from legacy OpenC2 Forum
  - Define Tempo
  - Recruit subject matter experts
  - Recruit document editors and secretaries
- Participation in the Subcommittees is the path to success

Language Description Document (LDD)

OpenC2 LDD Approach

- OpenC2 LDD Part 1: OpenC2 Core Concepts
  - Sections 1-3; some parts of section 3 move into Part 2
  - Pointer to Actuator Profile Repository
  - Additional Artifacts
- Old Part 2: OpenC2 Actions and Targets Tables <normative>
  - Derived from old Section 4
  - Top Level Property Tables (Command, Response, Alert)
  - Action Property Tables
  - Target Property Tables (include specifiers)
  - Response Property Table (synchronous or asynchronous)
  - Alert Property Table
  - Universal Modifier Property Tables
  - Example Commands (in JSON)
    - Foundational (not actuator specific) appear here (e.g., query, report, notify, start, stop, set, delete, update, effects-based actions)

[Figure: Packet Filtering Firewall, Router, SDN Controller, Endpoint Protection, Scanner, Sensor; INTEROPERABILITY; Use Cases]

Actuator Profile

OpenC2 Framework
Actuator Profiles

Observations

- Actuator Profiles infuse industry-specific knowledge into OpenC2
- Industry participation will enable success
- Industry collaboration will define the distinction between the standard and product differentiators
- Actuators based on capabilities
- Device-based approach is redundant and does not support Network Function Virtualization
- A single device/product may support multiple profiles
- Universal profile defines common functions

Potential Actuator Profiles

Actuator Capability | Description
External notification | Machine to human notifications to support use cases that require human in the loop or human on the loop.
Privilege management | Manage level of access to system, devices, files etc. to support mitigation of compromised users and/or device use cases
DAR-analytics | Task analytic engines to evaluate data at rest such as configuration files, tables, servers etc. to support data enrichment use cases
DIT-analytics | Task analytic engines to evaluate data in transit to support data enrichment use cases
Router | Manage layer 2 frame switching and layer 3 packet routing functions
Isolation | Create an isolated environment
Configuration | Query and/or modify the configuration of assets. Used in data enrichment and isolation use cases
Firewall | First generation packet filter
Application-proxy |

OPENC2 ACTUATOR PROFILES
- Packet Filtering Firewall
- Router
- SDN Controller
- Endpoint Protection (Broad Scope?)
- Scanner (maps to analytics?)
- Sensor (maps to analytics?)

Status of Actuator Profiles

- Firewall Profile, Router Profile
  - Introduction and MTI sections complete
  - Data Modeling in process
  - Industry to provide initial draft
- SDN Profile
  - Rework Draft based on earlier work performed by SPAWAR

Actuator Profile Outline

- Section One: Introduction
  - Purpose/Scope
  - Applicability
- Section Two: Language Binding
  - Commands: MTI and Optional Actions, Targets, Modifiers
  - Responses
  - Datatype Definitions
- Section Three: Command Summary
  - Description of each action in context
  - JSON example commands
- Section Four: Abstract Schema
- Use cases provided in a separate repository

Proposed Way Forward

- SIGN UP for Actuator Profile SC
- Refine / Prioritize List of Actuator Profiles
- Identify Editors / working groups
- Feedback loops
  - Prototype Implementers
  - Language Description Document
- Management
  - Repository / version control

Implementation Considerations

Implementation Considerations SC

- Co-Chair Introductions
- Purpose:
  - Identify External Dependencies
  - Provide Implementation Guidance
- Existing Artifacts:
  - IA Implementation Considerations document
  - OpenC2 Implementation Considerations document
  - Prototype Implementations

External Dependencies

- Transport Layer
- Information Assurance
  - Authentication
  - Authorization
  - Integrity
  - Availability
  - Confidentiality
- Message Prioritization
- Message Identification/Acknowledgment

Contributions Wanted

- Subcommittee participants
- Subcommittee secretary
- Document editors

Collaboration Tools

Suite of Tools

- GitHub
- Slack
- To be managed by chairs of SC
- Drafts and Works in progress.
- OASIS Wiki
- Informal discussion space
- All current TC members will be added and members checked biweekly
- GoogleDocs
- Codebase for prototypes, schemas etc.
- Existing codebase to remain in place
- New codebase to be housed in OASIS
- Repository for Documents accepted by Technical Committee
- House constructs (issue resolution)
- House general Information
- JIRA or GitHub
- House the action items (change control, what is opened, closed, short summary, pointer to fuller explanation)

Poll for New Business

1. OASIS Borderless Cyber June 21st and 22nd in NYC. Send email on why you use OpenC2 to Duncan Sparrell.
2. On 12/6 Prague Joint OASIS meeting with First.org. Does OpenC2 want a face to face?

Action Item Review