ACD Portfolio Use Cases - OASIS

OASIS KICKOFF
7 June 2017

Agenda (1 of 2)

Time | Topic | Presenter
13:00 | Call to Order and Request Volunteer to capture notes |
13:00 | Introductions and Roll Call | Joe Brule
13:10 | Election of Co-chairs | Chet Ensign to conduct election
13:15 | Election of Subcommittee co-chairs and executive secretary | OpenC2 TC Chair to conduct election
13:25 | Welcome from OASIS Staff | Chet Ensign
13:40 | Review of Charter | Joe Brule
13:45 | Operating Tempo | Chair
13:55 | OpenC2 Overview | Presented by appropriate chairs
 | Language Description | Joe Brule

Agenda (2 of 2)

Time | Topic | Presenter
13:55 | OpenC2 Overview (cont.) |
 | Summary of Collaboration Tools |
14:20 | Poll members for new business | Chair
14:25 | Action Item Review | Executive Secretary
14:30 | Adjourn |

Call to Order and Introductions
Joe Brule

Elections
Chet Ensign

Election Candidates and Outcome (1 of 2)

TC Co-Chairs
Joe Brule (elected)
Sounil Yu (elected)
Bret Jordan
Jyoti Verma

Executive Secretary
Joyce Fai (elected)

Election Candidates and Outcome (2 of 2)

Language Description Document SC / Actuator Profile SC
Jason Romano (elected)
Duncan Sparrell (elected)
David Kemp (elected)
Jyoti Verma (elected)

Implementations Consideration SC
Dave Lemire (elected)
Bret Jordan (floor nominated, elected)
Allan Thomson (floor nominated, declined)
Duncan Sparrell (withdrawn)

Welcome from OASIS Staff
Chet Ensign

Review of Charter
Joe Brule

OpenC2 Charter (posted on OASIS, 1 of 2)

Purpose: create a standardized language for the command and control of technologies that provide or support cyber defenses
Scope: draft documents, specifications, lexicons or other artifacts to fulfill the needs of cyber security command and control in a standardized manner; identifying gaps pertaining to the command and control of technologies is within [scope]

OpenC2 Charter (2 of 2)

Deliverables
  Language Description Document (LDD)
  Security Considerations (aka IA Implementation Considerations document)
  Implementation Considerations
  Schema

Subcommittees
  Language Description Document
  Actuator Profiles
  Implementation Considerations

Maintain appropriate libraries and repositories

Operating Tempo
Joe Brule

Operating Tempo Agenda

Constraints
Proposed Schedule
Way forward
Standing Rule

Constraints

Accommodate time zones
  Three Hours early
  Six Hours late
  Far East
Avoid Conflicts
CTI TC
Technical Committee and Subcommittees

Meeting Schedule

Proposed Schedule
Technical Committee as a whole: 2nd Thurs of the month at 11:00 Eastern (60 minutes)
Language Description Document: First and Third Tuesday at 11:00 Eastern (60 minutes)
Actuator Profile: 2nd and 4th Wednesday at 11:00 Eastern (60 minutes)
Implementation Considerations: First and 3rd Wednesday at 11:00 Eastern (60 minutes)
Actual tempo TBD by the Subcommittee Chairs

Standing Rule

Rough Consent: RFC 7282: Lack of disagreement is more important than agreement
Encourage Deliberation at the SC level
Present artifacts a minimum of 7 days prior to the TC meeting
Call for Objections with 25% threshold (of members present) at the TC level (are there any objections?)
Call to Question
  Accept
  Reject
  Send back
Standing rules can be suspended on a per issue basis, at the discretion of the chairs

OpenC2 Overview
Joe Brule

OpenC2 Overview

Reference Materials
Focus/ Principles

Machine to Machine Commanding
Abstractions that decouple the command
Agnostic Interoperability

External Dependencies/ Assumptions
  Decision has been made
  The action is warranted
  The transport is secure

OpenC2 Focuses on Machine to Machine Commanding

STIX: Standard Threat INTEL object; Supports Analysis
TAXII: Standard Transport protocol; Supports Secure Exchange
OpenC2: Standard Command Language; Supports Acting
OpenC2 is part of a Suite of OASIS Standards

Way Forward

Executive Secretary
  Call for topics and draft agenda
  Capture and track actions
Near term Subcommittee Tasks

Transfer Artifacts from legacy OpenC2 Forum
Define Tempo
Recruit subject matter experts
Recruit document editors and secretaries
Participation in the Subcommittees is the path to success

Language Description Document (LDD)

OpenC2 LDD Approach

OpenC2 LDD Part 1: OpenC2 Core Concepts
Sections 1-3; some parts of section 3 move into Part 2
Pointer to Actuator Profile Repository
Additional Artifacts

Old Part 2: Open C2 Actions and Targets Tables <normative>
Derived from old Section 4
Top Level Property Tables (Command, Response, Alert)
Action Property Tables
Target Property Tables (include specifiers)
Response Property Table (synchronous or asynchronous)
Alert Property Table
Universal Modifier Property Tables
Example Commands (in JSON)
Foundational (not actuator specific) appear here (e.g., query, report, notify, start, stop, set, delete, update, effects-based actions)

Packet Filtering Firewall
Router
SDN Controller
Endpoint Protection
Scanner
Sensor
INTEROPERABILITY
Use Cases
Actuator Profile
OpenC2 Framework

Actuator Profiles

Observations

Actuator Profiles infuse industry-specific knowledge into OpenC2
Industry participation will enable success
Industry collaboration will define the distinction between the standard and product differentiators
Actuators based on capabilities
Device-based approach is redundant and does not support Network Function Virtualization
A single device/product may support multiple profiles
Universal profile defines common functions

Potential Actuator Profiles

Actuator Capability | Description
Externalnotification | Machine to human notifications to support use cases that require human in the loop or human on the loop.
Privilegemanagement | Manage level of access to system, devices, files etc. to support mitigation of compromised users and/or device use cases
DAR-analytics | Task analytic engines to evaluate data at rest such as configuration files, tables, servers etc. to support data enrichment use cases
DIT-analytics | Task analytic engines to evaluate data in transit to support data enrichment use cases
Router | Manage layer 2 frame switching and layer 3 packet routing functions
Isolation | Create an isolated environment
Configuration | Query and/or modify the configuration of assets. Used in data enrichment and isolation use cases
Firewall | First generation packet filter
Application-proxy |

OPENC2 ACTUATOR PROFILES

Packet Filtering Firewall
Router
SDN Controller
Endpoint Protection (Broad Scope?)
Scanner (maps to analytics?)
Sensor (maps to analytics?)

Status of Actuator Profiles

Firewall Profile
Router Profile
Introduction and MTI sections complete
Data Modeling in process
Industry to provide initial draft
SDN Profile
Rework Draft based on earlier work performed by SPAWAR

Actuator Profile Outline

Section One: Introduction
  Purpose/ Scope
  Applicability
Section Two: Language Binding
  Commands: MTI and Optional Actions, Targets, Modifiers
  Responses
  Datatype Definitions
Section Three: Command Summary
  Description of each action in context
  JSON example commands
Section Four: Abstract Schema
Use cases provided in a separate repository

Proposed Way Forward

SIGN UP for Actuator Profile SC
Refine / Prioritize List of Actuator Profiles
Identify Editors / working groups
Feedback loops

Prototype Implementers
Language Description Document
Management
Repository / version control

Implementation Considerations

Implementation Considerations SC

Co-Chair Introductions
Purpose:
  Identify External Dependencies
  Provide Implementation Guidance
Existing Artifacts:
  IA Implementation Considerations document
  OpenC2 Implementation Considerations document
  Prototype Implementations

External Dependencies

Transport Layer
Information Assurance
  Authentication
  Authorization
  Integrity
  Availability
  Confidentiality
Message Prioritization
Message Identification/ Acknowledgment

Contributions Wanted

Subcommittee participants
Subcommittee secretary
Document editors

Collaboration Tools

Suite of Tools

GitHub

Slack To be managed by chairs of SC Drafts and Works in progress. OASIS Wiki

Informal discussion space All current TC members will be added and members checked biweekly GoogleDocs Codebase for prototypes, schemas etc. Existing codebase to remain in place New codebase to be housed in OASIS Repository for Documents accepted by Technical Committee House constructs (issue resolution) House general Information JIRA or GitHub House the action items (change control, what is opened, closed, short summary, pointer to fuller explanation)

Poll for New Business

1. OASIS Borderless Cyber June 21st and 22nd in NYC. Send email on why you use OpenC2 to Duncan Sparrell.
2. On 12/6 Prague Joint OASIS meeting with First.org. Does OpenC2 want a face to face?

Action Item Review
