OpenC2 in the News

April 15, 2024
OpenC2 Participates in CASP Cybersecurity Automation Village.

OpenC2 TC member organizations participated in the 11-12 April 2024 Cybersecurity Automation Village. The Village, sponsored by the Open Cybersecurity Alliance Cybersecurity Automation Subproject (CASP), addressed sharing information, prototyping, testing, and specifying interoperability among cybersecurity automation technologies.

OpenC2 participated in use cases involving the Kestrel Threat Hunting Language and CACAO-based automation.

Contributions from IBM and HII focused on the OpenC2 Threat Hunting AP and were supported by a CACAO playbook that illustrated invoking a sequence of huntflows developed for the demonstration.

A video of the presentation and demonstration is available on YouTube.

February 21, 2024
OpenC2 Actuator Profile For Threat Hunting 1.0 Published as OASIS Committee Specification Draft.

OASIS has published Committee Specification Draft 02 of OpenC2 Actuator Profile for Threat Hunting v1.0. This CSD was approved for publication by the OpenC2 TC. The Threat Hunting AP defines the OpenC2 Actions, Targets, Arguments, and Specifiers along with conformance clauses to enable the operation of OpenC2 Producers and Consumers in the context of cyber threat hunting. It covers the identification and invocation of stored hunting processes (e.g., “hunt flows”), passing of hunt parameters, and the expected type(s) and format(s) of information returned by hunting processes.

January 17, 2024
OpenC2 Actuator Development Process Version 1.0 Published as OASIS Committee Note.

OASIS has published Committee Note 01 of OpenC2 Actuator Profile Development Process v1.0. This CN was approved for publication by the OpenC2 TC. The CN describes the TC’s process for using the JSON Abstract Data Notation (JADN) information modeling language in the development of APs, resulting in a rigorous schema for an AP properly integrated with the base OpenC2 language.

December 6, 2023
Preparations for April Cybersecurity Automation Village.

NOTE: Updated to reflect schedule changes for the Village.

OpenC2 TC members participated in the first preparation session (December 6th) for a planned April 2024 Cybersecurity Automation Village (CAV) event. A test matrix is being developed to document participants’ planned contributions and facilitate identifying opportunities to demonstrate interoperability. A second preparation session is planned for 5 March 2024, and the CAV will be held April 11-12 at Peraton’s offices at 1875 Explorer St, Reston, VA 20190.

The CASP GitHub repository contains detailed information and is the place to sign up to participate and contribute to the Village. The CASP mailing list is also a coordination resource.

October 18, 2023
Open Standards in Collective Defense.

TC member Jason Keirstead was the co-presenter of a webinar titled “Winning in Football Requires Collective Defense. So Does Cybersecurity.”, hosted by ISSA. His co-presenter was Shannon Noonan, CEO/Founder at HiNoon Consulting. Follow the link to view an archived copy (you’ll be asked for a name and a business email address).

The webinar touches on a range of subjects related to collective defense. There’s a discussion of the importance of open standards for information sharing starting around 30:30 and a specific mention of OpenC2 around 32:35.

September 28, 2023
OpenC2 Presentation at SecOps24.

TC member Vasileios Mavroeidis will be presenting on OpenC2 at the SecOps2024 International Exercise & Conference on Security Operations. This event takes place February 15, 2024 in Budapest, Hungary.

Title: Do away with siloed cybersecurity operations and customized integrations.

Description: As the number of vulnerable channels continues to grow, there is also an increase in the deployment of security solutions. This highlights the importance of interconnecting an organization’s cybersecurity solutions to ensure ongoing and effective threat management. However, integrations are costly to develop and maintain and heavily rely on proprietary communication interfaces that require reconfiguring parts or the entire defense ecosystem of the organization when tools are introduced or replaced or when there are updates to the APIs utilized. This presentation will discuss OASIS Open Command and Control (OpenC2), a standardized machine-to-machine language for the command and control of cyber defense technologies, allowing them to interoperate without needing customized integrations.

September 20, 2023
OpenC2 Actuator Profile For Threat Hunting 1.0 Published as OASIS Committee Specification Draft.

OASIS has published Committee Specification Draft 01 of OpenC2 Actuator Profile for Threat Hunting v1.0. This CSD was approved for publication by the OpenC2 TC. The Threat Hunting AP defines the OpenC2 Actions, Targets, Arguments, and Specifiers along with conformance clauses to enable the operation of OpenC2 Producers and Consumers in the context of cyber threat hunting. It covers the identification and invocation of stored hunting processes (e.g., “hunt flows”), passing of hunt parameters, and the expected type(s) and format(s) of information returned by hunting processes.

May 24, 2023
OpenC2 Participating in Cybersecurity Automation Village.

OpenC2 TC member organizations will be participating in the 13 June 2023 Cybersecurity Automation Village. The Village, sponsored by the Open Cybersecurity Alliance CASP subproject, is for sharing information, prototyping, testing, and specifying interoperability among cybersecurity automation technologies.

OpenC2 members will participate in use cases involving the Kestrel Threat Hunting Language and CACAO-based automation.

April 19, 2023
Information Modeling with JADN Version 1.0 Published as OASIS Committee Note.

OASIS has published Committee Note 01 of Information Modeling with JADN v1.0. This CN, a companion to the JADN Specification, was approved for publication by the OpenC2 TC. The CN describes the value and use of Information Models (IMs), contains explanations of the JADN language, explains how to construct IMs using JADN with examples, and contrasts IMs with other modeling approaches, such as Entity-Relationship models for databases, and knowledge models / ontologies.

February 17, 2023
Information Modeling with JADN Committee Note Draft 01 published by OASIS.

OASIS has published Committee Note Draft (CND) 01 of Information Modeling with JADN v1.0. This CND, a companion to the JADN Specification, was approved for publication by the OpenC2 TC, and describes the use of IMs, explains how to construct IMs using JADN, and contrasts IMs with other modeling approaches, such as Entity-Relationship models for databases, and knowledge models / ontologies. Development of this CN is on-going.

January 26, 2023
OpenC2 TC Member Vasileios Mavroeidis Named OASIS Distinguished Contributor.

Dr. Vasileios Mavroeidis was named a 2022 OASIS Distinguished Contributor. Dr. Mavroeidis specializes in the domains of automation and cyber threat intelligence representation, reasoning, and sharing, and is an active participant in multiple OASIS TCs. Distinguished Contributors are individuals recognized for their significant impact on the open source and open standards communities.

December 31, 2022
(Paper) The Role of OASIS OpenC2 in Cybersecurity Automation and Orchestration.

A paper by TC Member Dr. Vasileios Mavroeidis that presents a concise summary of the “why” (motivation) for OpenC2. This article (author’s version) documents a thematic talk under “Increased Automation for Detection, Prevention and Mitigation Measures” given at “The 2nd ECSCI Workshop on Critical Infrastructure Protection” in April 2022.

November 16, 2022
OASIS Publishes CSD01 of the OpenC2 Language Specification, v2.0.

The Language Specification is the foundation document defining the OpenC2 language. The TC has determined to advance the Language Specification to Version 2.0 to address changes identified since the November 2019 publication of v1.0, CSD02, including a small number of breaking changes. CSD01 is the initial publication of the in-development v2.0 specification.

September 30, 2022
Open Command and Control (OpenC2) Architecture v1.0 approved as an OASIS Committee Specification.

The Architecture Specification is an overarching document that describes the concepts and organization of OpenC2, and provides a blueprint for developing Actuator Profiles and Transfer Specifications. It also describes the abstract architecture of OpenC2 to define a common understanding of the messages and interactions for all bindings and serializations.

June 3, 2022
OASIS Publishes CSD01 of the OpenC2 Architecture Specification, v1.0.

The Architecture Specification is an overarching document that describes the concepts and organization of OpenC2, and provides a blueprint for developing Actuator Profiles and Transfer Specifications.

June 2, 2022
OpenC2 Participates in Cybersecurity Automation Workshop (CAW).

Cybersecurity Automation Workshops are a series of events to prototype and test interoperability among cybersecurity automation technologies. OpenC2 participated in the latest CAW event, which also explored related cybersecurity technologies including Software Bill of Materials (SBOM), and security Posture Attribute Collection & Evaluation (PACE).

April 28, 2022
Presentation on the Role of OpenC2 in Cybersecurity Automation.

Dr. Vasileios Mavroeidis, a member of the OpenC2 TC, gave a talk on “the role of OpenC2 in cybersecurity automation” at the 2nd ECSCI Workshop on Critical Infrastructure Protection, organized by the European Cluster for Securing Critical Infrastructures (ECSCI).

April 12, 2022
The Science of SOAR on security podcast.

Dr. Vasileios Mavroeidis, a member of the OpenC2 TC, was a guest on the mnemonic security podcast to discuss “The Science of SOAR”.

January 19, 2022
OpenC2 TC Co-Chair named OASIS Distinguished Contributor.

Duncan Sparrell, a co-chair of the OpenC2 TC, was named an OASIS Distinguished Contributor.

December 3, 2021
OASIS Publishes CS01 of the OpenC2 HTTPS Transfer Specification, v1.1.

HTTP over TLS is a widely deployed transfer protocol that provides authenticated, ordered, lossless delivery of uniquely-identified messages. This document specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages. This specification replaces the July 2019 v1.0 CS01, and incorporates changes to OpenC2 message formatting and other lessons learned through interoperability testing. A Testing conformance target is provided to support interoperability testing without security mechanisms.

December 1, 2021
OASIS Publishes CS01 of the OpenC2 MQTT Transfer Specification, v1.0.

OpenC2 transfer specifications describe how to use standard protocols to transfer OpenC2 messages. The MQTT Transfer Specification describes how to use MQTT v5.0 in support of OpenC2 messaging.

October 13, 2021
OASIS Announces Public Review of the HTTPS Transfer Specification, v1.1.

OpenC2 transfer specifications describe how to use standard protocols to transfer OpenC2 messages. The HTTPS Transfer Specification describes how to use HTTP and TLS in support of OpenC2 messaging. The v1.1 update incorporates an updated OpenC2 message format and the option for a testing mode without TLS, the addition of a well-known path for POSTing OpenC2 commands, and other minor changes and corrections.

August 30, 2021
OASIS Publishes CSD01 of the OpenC2 Language Specification, v1.1.

The Language Specification is the foundation document defining the OpenC2 language. Version 1.1 of the Language Specification will address changes identified since the November 2019 publication of v1.0, CSD02.

August 30, 2021
OASIS Announces Public Review of the MQTT Transfer Specification, v1.0.

OpenC2 transfer specifications describe how to use standard protocols to transfer OpenC2 messages. The MQTT Transfer Specification describes how to use MQTT v5.0 in support of OpenC2 messaging.

August 24, 2021
OASIS Publishes CS01 of the JSON Abstract Data Notation (JADN) Specification, v1.0.

JSON Abstract Data Notation (JADN) is a UML-based information modeling language that defines data structure independently of data format. Information models are used to define and generate physical data models, validate information instances, and enable lossless translation across data formats. A JADN specification consists of two parts: type definitions that comprise the information model, and serialization rules that define how information instances are represented as data.

August 17, 2021
OASIS Publishes CSD01 of the Actuator Profile for Packet Filtering, v1.0.

The Packet Filtering AP will combine stateless and stateful packet filtering under a single AP, and make provisions for use in cloud environments.

June 24, 2021
STIX, OpenC2, CACAO Playbooks - Cybersecurity Standards Working Together To Tackle Recent String of High-Profile Hacks (video).

Michael Rosa (NSA) explores OpenC2 applications (at approximately the twenty-six minute mark) in a Borderless Cyber panel on how standards could help with the recent attacks.

June 24, 2021
STIX, OpenC2, CACAO Playbooks - Future Challenges and Directions for Security Automation and Orchestration (video).

Neal Ziring, Technical Director, National Security Agency, delivers the keynote address for Borderless Cyber 2021, in which he discusses the importance of OpenC2 in evolving cybersecurity challenges.

June 22, 2021
OpenC2 Plugfest.

A successful OpenC2 Plugfest was held in conjunction with Borderless Cyber 2021.

February 10, 2021
Sharing & Exchanging SBOMs (paper).

The NTIA Software Transparency Multistakeholder Group is producing documentation on how to improve the software supply chain, particularly on the value of the Software Bill of Materials (SBOM). The “Sharing & Exchanging SBOMs” paper includes OpenC2 as one of the mechanisms.

January 12, 2021
OASIS publishes CACAO Playbook Committee Specification including OpenC2 in playbooks.

The OASIS CACAO TC published CACAO Security Playbooks Version 1.0, Committee Specification 01. This security playbook specification on collaborative automated course of action operations (CACAO) includes how to specify security actions using OpenC2.

December 8, 2020
Cybersecurity Automation (video).

“Cybersecurity Automation” was presented at the ITU Kaleidoscope Academic Conference, including OpenC2’s role in cybersecurity automation. (video - click on word “English”)

December 8, 2020
Demonstrating OpenC2 and SOAR (video).

IACD experiment using OpenC2 with a Swimlane orchestrator and Symantec ICDx to respond to a malicious software download.

October 28, 2020
Cyber Security Automation Virtual Plugfest / Hackathon.

Information about the October 28, 2020 Plugfest / Hackathon, a mashup of SBOM / OpenC2 / SCAPv2 / IACD / CACAO / OCA / MUD / DBOM virtual Proof-of-Concept (PoC) / plugfest / hackathon.

October 23, 2020
SBOM PoC / OpenC2 Plugfest / Hackathon.

A LinkedIn post by Dan Johnson.

August 18, 2020
A nonproprietary language for the command and control of cyber defenses – OpenC2.

An academic paper by Vasileios Mavroeidis.

July 29, 2020
OpenC2 Orchestration vs the Cyber Kill Chain.

A blog post on Medium by Erich Izdepski.

May 27, 2020
EclecticIQ Joins Forces with Endpoint Solution Provider PolyLogyx.

A press release on businesswire.com.

March 06, 2020
Making IoT safer with BEAM OTP (video).

A presentation to Code BEAM SF 2020 by Duncan Sparrell (video).

February 5, 2020
Through the First OpenC2 Plugfest - Towards Standardization.

A LinkedIn article by Vasileios Mavroeidis.

January 27, 2020
Twenty-eight organizations meet across two days to test interoperability and implement the standard at the inaugural OpenC2 PlugFest.

Information about the January 27-28, 2020 OpenC2 Plugfest / Hackathon sponsored by Dreamport and hosted by UMBC Training.

December 12, 2019
Open Command and Control (OpenC2) Language Specification v1.0 from OpenC2 TC approved as a Committee Specification.

OASIS announcement of the publication of the 24 November 2019 CS02 version of the OpenC2 Language Specification.

December 4, 2019
ITU Kaleidoscope.

Conference proceedings for December 2019 ITU Kaleidoscope (large PDF), including a paper on Cyber-Safety in Healthcare IoT by Duncan Sparrell.

November 24, 2019
Open Command and Control (OpenC2) Language Specification Version 1.0 (CS02).

The HTML version of the OpenC2 Language Specification, CS02, which contains minor updates to CS01.

October 8, 2019
Improving IOT Safety using standards to improve IOT Security.

A presentation by Duncan Sparrell at Borderless Cyber in Washington, DC (conference program entry).

September 3, 2019
3 Promising Technologies Making an Impact on Cybersecurity.

A commentary article on DARKReading by Jon Oltsik.

August 7, 2019
A New Window Onto an OpenC2 World.

A report (PDF) from HardenStance.com about the publication of three initial OpenC2 Committee Specifications.

August 5, 2019
Three Committee Specifications approved by Open Command and Control (OpenC2) TC.

The official OASIS publication announcement for the three initial OpenC2 Committee Specifications (CS01 versions).

July 11, 2019
Open Command and Control (OpenC2) Language Specification Version 1.0.

The HTML version of the OpenC2 Language Specification, CS01.

July 11, 2019
Open Command and Control (OpenC2) Profile for Stateless Packet Filtering Version 1.0.

The HTML version of the Stateless Packet Filtering actuator profile, CS01.

July 11, 2019
Specification for Transfer of OpenC2 Messages via HTTPS Version 1.0 (CS01).

The HTML version of the HTTPS Transfer Specification, CS01.

May 01, 2019
5 threat detection and response technologies are coming together.

A Cybersecurity Snippets article by Jon Oltsik at CSO Online.

April 2, 2019
OpenC2 can accelerate security operations, automation, and orchestration.

A Cybersecurity Snippets article by Jon Oltsik at CSO Online.

November 12, 2018
Busting Cybersecurity Silos.

An article by Sridhar Muppidi at SecurityIntelligence.com.

October 24, 2018
Duncan Sparrell interview with Ed Amoroso of TAG Cyber.

Duncan Sparrell, Chief Cyber Curmudgeon at S-Fractal Consulting, chats about his long career at AT&T, current projects, and trends in cyber security (YouTube video).

September 6, 2018
Response at Cyberspeed to Attack.

IoTsm: “Response at Cyberspeed to Attack,” Proceedings of the International Conference on Industrial Internet of Things and Smart Manufacturing.

March 15, 2018
Let it Be Hacked - Code Beam SF 2018.

Presentation by Duncan Sparrell at Code Beam SF 2018 (video).

November 18, 2017
Cybersecurity, Erlang, & Opensource Combine in OpenC2.

October 19, 2017
Responding to Cyber Attacks at Machine Speed.

Presentation by Duncan Sparrell at Rochester Security Summit 2017 (Prezi).

September 5, 2017
International Community Comes Together at OASIS to Advance OpenC2 Standard for Automated Defense Against Cyber-Attacks.

OASIS press release about the work of the OpenC2 Technical Committee.

June 14, 2017
NSA's new open language for cyber-defenses will aid interoperability.

Article about OpenC2 and the formation of the OASIS OpenC2 TC by Shaun Waterman on cyberscoop.com.

June 7, 2017
Formation meeting for OASIS OpenC2 Technical Committee.

Public link to meeting minutes for the formation meeting.

April 10, 2017
OpenC2 Forum Transitions to OASIS OpenC2 TC.

OASIS Call For Participation in the newly-forming OpenC2 Technical Committee.

March 23, 2017
Responding to Cyber Attack at Machine Speed.

Presentation by Duncan Sparrell at Erlang & Elixir Factory SF 2017 (YouTube video).