April 15, 2024

OpenC2 TC member organizations participated in the 11-12 April 2024 Cybersecurity Automation Village. The Village, sponsored by the Open Cybersecurity Alliance Cybersecurity Automation Subproject (CASP), addressed sharing information, prototyping, testing, and specifying interoperability among cybersecurity automation technologies.

OpenC2 participated in use cases involving the Kestrel Threat Hunting Language and CACAO-based automation.

Contributions from IBM and HII focused on the OpenC2 Threat Hunting AP and were supported by a CACAO playbook that illustrated invoking a sequence of huntflows developed for the demonstration.

A video of the presentation and demonstration is available on YouTube.

February 21, 2024

OASIS has published Committee Specification Draft 02 of OpenC2 Actuator Profile for Threat Hunting v1.0. This CSD was approved for publication by the OpenC2 TC. The Threat Hunting AP defines the OpenC2 Actions, Targets, Arguments, and Specifiers along with conformance clauses to enable the operation of OpenC2 Producers and Consumers in the context of cyber threat hunting. It covers the identification and invocation of stored hunting processes (e.g., “hunt flows”), passing of hunt parameters, and the expected type(s) and format(s) of information returned by hunting processes.

January 17, 2024

OASIS has published Committee Note 01 of OpenC2 Actuator Profile Development Process v1.0. This CN was approved for publication by the OpenC2 TC. The CN describes the TC’s process for using the JSON Abstract Data Notation (JADN) information modeling language in the development of APs, resulting in a rigorous schema for an AP properly integrated with the base OpenC2 language.

December 6, 2023

NOTE: Updated to reflect schedule changes for the Village.

OpenC2 TC members participated in the first preparation session (December 6th) for a planned April 2024 Cybersecurity Automation Village (CAV) event. A test matrix is being developed to document participants’ planned contributions and facilitate identifying opportunities to demonstrate interoperability. A second preparation session is planned for 5 March 2024, and the CAV will be held April 11-12 at Peraton’s offices at 1875 Explorer St, Reston, VA 20190.

The CASP GitHub repository contains detailed information and is the place to sign up to participate and contribute to the Village. The CASP mailing list is also a coordination resource.

October 18, 2023

TC member Jason Kierstead was the co-presenter of a webinar titled “Winning in Football Requires Collective Defense. So Does Cybersecurity.”, hosted by ISSA. His co-presenter was Shannon Noonan, CEO/Founder at HiNoon Consulting. Follow the link to view an archived copy (you’ll be asked for a name and a business email address).

The webinar touches on a range of subjects related to collective defense. There’s a discussion of the importance of open standards for information sharing starting around 30:30 and a specific mention of OpenC2 around 32:35.

September 28, 2023

TC member Vasileios Mavroeidis will be presenting on OpenC2 at the SecOps2024 International Exercise & Conference on Security Operations. This event takes place February 15, 2024 in Budapest, Hungary.

Title: Do away with siloed cybersecurity operations and customized integrations.

Description: As the number of vulnerable channels continues to grow, there is also an increase in the deployment of security solutions. This highlights the importance of interconnecting an organization’s cybersecurity solutions to ensure ongoing and effective threat management. However, integrations are costly to develop and maintain and heavily rely on proprietary communication interfaces that require reconfiguring parts or the entire defense ecosystem of the organization when tools are introduced or replaced or when there are updates to the APIs utilized. This presentation will discuss OASIS Open Command and Control (OpenC2), a standardized machine-to-machine language for the command and control of cyber defense technologies, allowing them to interoperate without needing customized integrations.

September 20, 2023

OASIS has published Committee Specification Draft 01 of OpenC2 Actuator Profile for Threat Hunting v1.0. This CSD was approved for publication by the OpenC2 TC. The Threat Hunting AP defines the OpenC2 Actions, Targets, Arguments, and Specifiers along with conformance clauses to enable the operation of OpenC2 Producers and Consumers in the context of cyber threat hunting. It covers the identification and invocation of stored hunting processes (e.g., “hunt flows”), passing of hunt parameters, and the expected type(s) and format(s) of information returned by hunting processes.

May 24, 2023

OpenC2 TC member organizations will be participating in the 13 June 2023 Cybersecurity Automation Village. The Village, sponsored by the Open Cybersecurity Alliance CASP subproject, is for sharing information, prototyping, testing, and specifying interoperability among cybersecurity automation technologies.

OpenC2 members will participate in use cases involving the Kestrel Threat Hunting Language and CACAO-based automation.

April 19, 2023

OASIS has published Committee Note 01 of Information Modeling with JADN v1.0. This CN, a companion to the JADN Specification, was approved for publication by the OpenC2 TC. The CN describes the value and use of Information Models (IMs), contains explanations of the JADN language, explains how to construct IMs using JADN with examples, and contrasts IMs with other modeling approaches, such as Entity-Relationship models for databases, and knowledge models / ontologies.

February 17, 2023

OASIS has published Committee Note Draft (CND) 01 of Information Modeling with JADN v1.0. This CND, a companion to the JADN Specification, was approved for publication by the OpenC2 TC, and describes the use of IMs, explains how to construct IMs using JADN, and contrasts IMs with other modeling approaches, such as Entity-Relationship models for databases, and knowledge models / ontologies. Development of this CN is on-going.

January 26, 2023

Dr. Vasileios Mavroeidis was named an 2022 OASIS Distinguished Contributor. Dr. Mavroeidis specializes in the domains of automation and cyber threat intelligence representation, reasoning, and sharing, and is an active participant in multiple OASIS TCs. Distinguished Contributors are individuals recognized for their significant impact on the open source and open standards communities.

December 31, 2022

A paper by TC Member Dr. Vasileios Mavroeidis that presents a concise summary of the “why” (motivation) for OpenC2. This article (author’s version) documents a thematic talk under “Increased Automation for Detection, Prevention and Mitigation Measures” given at “The 2nd ECSCI Workshop on Critical Infrastructure Protection” in April 2022.

November 16, 2022

The Language Specification is the foundation document defining the OpenC2 language. The TC has determined to advance the Language Specification to Version 2.0 to address changes identified since the November 2019 publication of v1.0, CSD02, including a small number of breaking changes. CSD01 is the initial publication of the in-development v.0 specification.

September 30, 2022

The Architecture Specification is an overarching document that describes the concepts and organization of OpenC2, and provides a blueprint for developing Actuator Profiles and Transfer Specifications. It also describes the abstract architecture of OpenC2 to define a common understanding of the messages and interactions for all bindings and serializations.

June 3, 2022

The Architecture Specification is an overarching document that describes the concepts and organization of OpenC2, and provides a blueprint for developing Actuator Profiles and Transfer Specifications.

June 2, 2022

Cybersecurity Automation Workshops are a series of events to prototype and test interoperability among cybersecurity automation technologies. OpenC2 participated in the latest CAW event, which also explored related cybersecurity technologies including Software Bill of Materials (SBOM), and security Posture Attribute Collection & Evaluation (PACE).

April 28, 2022

Dr. Vasileios Mavroeidis, a member of the OpenC2 TC, gave a talk on “the role of OpenC2 in cybersecurity automation” at the 2nd ECSCI Workshop on Critical Infrastructure Protection, organized by the European Cluster for Securing Critical Infrastructures (ECSCI).

April 12, 2022

Dr. Vasileios Mavroeidis, a member of the OpenC2 TC, was a guest on the mnemonic security podcast, to discuss “The Science of SOAR”.

January 19, 2022

Duncan Sparrell, a co-chair of the OpenC2 TC, was named an OASIS Distinguished Contributor.

December 3, 2021

HTTP over TLS is a widely deployed transfer protocol that provides authenticated, ordered, lossless delivery of uniquely-identified messages. This document specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages. This specification replaces the July 2019 v.10 CS01, and incorporates changes to OpenC2 message formatting and other lessons learned through interoperability testing. A Testing conformance target is provided to support interoperability testing without security mechanisms.

December 1, 2021

OpenC2 transfer specifications describe how to use standard protocols to transfer OpenC2 messages. The MQTT Transfer Specification describes how to use MQTT v5.0 in support of OpenC2 messaging.

October 13, 2021

OpenC2 transfer specifications describe how to use standard protocols to transfer OpenC2 messages. The HTTPS Transfer Specification describes how to use HTTP and TLS in support of OpenC2 messaging. The v1.1 update incorporates an updated OpenC2 message format and the option for a testing mode without TLS, the addition of a well-known path for POSTing OpenC2 commands, and other minor changes and corrections.

August 30, 2021

The Language Specification is the foundation document defining the OpenC2 language. Version 1.1 of the Language Specification will address changes identified since the November 2019 publication of v1.0, CSD02.

August 30, 2021

OpenC2 transfer specifications describe how to use standard protocols to transfer OpenC2 messages. The MQTT Transfer Specification describes how to use MQTT v5.0 in support of OpenC2 messaging.

August 24, 2021

JSON Abstract Data Notation (JADN) is a UML-based information modeling language that defines data structure independently of data format. Information models are used to define and generate physical data models, validate information instances, and enable lossless translation across data formats. A JADN specification consists of two parts: type definitions that comprise the information model, and serialization rules that define how information instances are represented as data.

August 17, 2021

The Packet Filtering AP will combine stateless and stateful packet filtering under a single AP, and make provisions for use in cloud environments.

June 24, 2021

Michael Rosa (NSA) explores OpenC2 applications (at approximately the twenty-six minute mark) in a Borderless Cyber panel on how standards could help with the recent attacks.

June 24, 2021

Neal Ziring, Technical Director, National Security Agency delivers the keynote address for the Borderless Cyber 2021, in which he discusses the importance of OpenC2 in evolving cybersecurity challenges.

June 22, 2021

A successful OpenC2 Plugfest was held in conjunction with Borderless Cyber 2021.

February 10, 2021

The NTIA Software Transparency Multistakeholder Group is producing documentation on how improve software supply chain, particularly on the value om Software Bill of Materials (SBOM). The “Sharing & Exchanging SBOMs” paper includes OpenC2 as one of the mechanisms.

January 12, 2021

The OASIS CACAO TC published CACAO Security Playbooks Version 1.0, Committee Specification 01. This security playbook specification on collaborative automated course of action operations (CACAO) includes how to specify security actions using OpenC2.

December 8, 2020

“Cybersecurity Automation” was presented at the ITU Kaleidoscope Academic Conference, including openC2’s role in cybersecurity automation. (video - click on word “English”)

December 8, 2020

IACD experiment using OpenC2 with a Swimlane orchestrator and Symantec ICDx to respond to malicious software download.

October 28, 2020

Information about the October 28, 2020 Plugfest / Hackathon, a mashup of SBOM / OpenC2 / SCAPv2 / IACD / CACAO / OCA / MUD / DBOM virtual Proof-of-Concept (PoC) / plugfest / hackathon.

October 23, 2020

A LinkedIn post by Dan Johnson.

August 18, 2020

An academic paper by Vasileios Mavroeidis.

July 29, 2020

A blog post on Medium by Erich Izdepski.

June 17, 2020

A blog post on SecurityIntelligence.com by Stephanie Hazlewood.

May 27, 2020

A press release on businesswire.com.

March 06, 2020

A presentation to Code BEAM SF 2020 by Duncan Sparrell (video).

Feb 5, 2020

A LinkedIn article by Vasileios Mavroeidis.

January 27, 2020

Information about the January 27-28, 2020 OpenC2 Plugfest / Hackathon sponsored by Dreamport and hosted by UMBC Training.

December 12, 2019

OASIS announcement of the publication of the 24 November 2019 CS02 version of the OpenC2 Language Specification.

December 4, 2019

Conference proceedings for December 2019 ITU Kaleidoscope (large PDF), includes paper on Cyber-Safety in Healthcare IoT by Duncan Sparrell

November 24, 2019

The HTML version of the OpenC2 Language Specification, CS02, which contains minor updates to CS01.

October 8, 2019

A presentation by Duncan Sparrell at Borderless Cyber in Washington, DC (conference program entry).

September 3, 2019

A commentary article on DARKReading by Jon Oltsik.

August 7, 2019

A report (PDF) from HardenStance.com about the publication of three initial OpenC2 Committee Specifications.

August 5, 2019

The official OASIS publication announcement for the three initial OpenC2 Committee Specifications (CS01 versions).

July 11, 2019

The HTML version of the OpenC2 Language Specification, CS01.

July 11, 2019

The HTML version of the Stateless Packet Filtering actuator profile, CS01.

July 11, 2019

The HTML version of the HTTPS Transfer Specification, CS01.

May 01, 2019

A Cybersecurity Snippets article by Jon Oltsik at CSO Online.

April 2, 2019

A Cybersecurity Snippets article by Jon Oltsik at CSO Online.

April 2, 2019

A Cybersecurity Snippets article by Jon Oltsik at CSO Online.

November 12, 2018

An article by Sridhar Muppidi at SecurityIntelligence.com.

October 24, 2018

Duncan Sparrell, Chief Cyber Curmudgeon at S-Fractal Consulting, chats about his long career at AT&T, current projects, and trends in cyber security (YouTube video).

September 6, 2018

IoTsm “Response at Cyberspeed to Attack” Proceedings of the International Conference on Industrial Internet of Things and Smart Manufacturing

March 15, 2018

Presentation by Duncan Sparrell at Code Beam SF 2018 (video).

November 18, 2017

Cybersecurity, Erlang, & Opensource Combine in OpenC2

October 19, 2017

Presentation by Duncan Sparrell at Rochester Security Summit 2017 (Prezi).

September 5, 2017

OASIS press release about the work of the OpenC2 Technical Committee.

June 14, 2017

Article about OpenC2 and the formation of the OASIS OpenC2 TC by Shaun Waterman on cyberscoop.com.

June 7, 2017

Public link to meeting minutes for the formation meeting.

April 10, 2017

OASIS Call For Participation in the newly-forming OpenC2 Technical Committee.

March 23, 2017

Presentation by Duncan Sparrell at Erlang & Elixir Factory SF 2017 (YouTube video).