OASIS has published Committee Note 01 of OpenC2 Actuator Profile Development Process v1.0. This CN was approved for publication by the OpenC2 TC. The CN describes the TC’s process for using the JSON Abstract Data Notation (JADN) information modeling language in the development of APs, resulting in a rigorous schema for an AP properly integrated with the base OpenC2 language.
NOTE: Updated to reflect schedule changes for the Village.
OpenC2 TC members participated in the first preparation session (December 6th) for a planned April 2024 Cybersecurity Automation Village (CAV) event. A test matrix is being developed to document participants’ planned contributions and facilitate identifying opportunities to demonstrate interoperability. A second preparation session is planned for 5 March 2024, and the CAV will be held April 11-12 at Peraton’s offices at 1875 Explorer St, Reston, VA 20190.
The CASP GitHub repository contains detailed information and is the place to sign up to participate and contribute to the Village. The CASP mailing list is also a coordination resource.
TC member Jason Kierstead was the co-presenter of a webinar titled “Winning in Football Requires Collective Defense. So Does Cybersecurity.”, hosted by ISSA. His co-presenter was Shannon Noonan, CEO/Founder at HiNoon Consulting. Follow the link to view an archived copy (you’ll be asked for a name and a business email address).
The webinar touches on a range of subjects related to collective defense. There’s a discussion of the importance of open standards for information sharing starting around 30:30 and a specific mention of OpenC2 around 32:35.
TC member Vasileios Mavroeidis will be presenting on OpenC2 at the SecOps2024 International Exercise & Conference on Security Operations. This event takes place February 15, 2024 in Budapest, Hungary.
Title: Do away with siloed cybersecurity operations and customized integrations.
Description: As the number of vulnerable channels continues to grow, there is also an increase in the deployment of security solutions. This highlights the importance of interconnecting an organization’s cybersecurity solutions to ensure ongoing and effective threat management. However, integrations are costly to develop and maintain and heavily rely on proprietary communication interfaces that require reconfiguring parts or the entire defense ecosystem of the organization when tools are introduced or replaced or when there are updates to the APIs utilized. This presentation will discuss OASIS Open Command and Control (OpenC2), a standardized machine-to-machine language for the command and control of cyber defense technologies, allowing them to interoperate without needing customized integrations.
OpenC2 TC member organizations will be participating in the 13 June 2023 Cybersecurity Automation Village. The Village, sponsored by the Open Cybersecurity Alliance CASP subproject, is for sharing information, prototyping, testing, and specifying interoperability among cybersecurity automation technologies.
OpenC2 members will participate in use cases involving the Kestrel Threat Hunting Language and CACAO-based automation.
OASIS has published Committee Note 01 of Information Modeling with JADN v1.0. This CN, a companion to the JADN Specification, was approved for publication by the OpenC2 TC. The CN describes the value and use of Information Models (IMs), contains explanations of the JADN language, explains how to construct IMs using JADN with examples, and contrasts IMs with other modeling approaches, such as Entity-Relationship models for databases, and knowledge models / ontologies.
OASIS has published Committee Note Draft (CND) 01 of Information Modeling with JADN v1.0. This CND, a companion to the JADN Specification, was approved for publication by the OpenC2 TC, and describes the use of IMs, explains how to construct IMs using JADN, and contrasts IMs with other modeling approaches, such as Entity-Relationship models for databases, and knowledge models / ontologies. Development of this CN is on-going.
Dr. Vasileios Mavroeidis was named an 2022 OASIS Distinguished Contributor. Dr. Mavroeidis specializes in the domains of automation and cyber threat intelligence representation, reasoning, and sharing, and is an active participant in multiple OASIS TCs. Distinguished Contributors are individuals recognized for their significant impact on the open source and open standards communities.
A paper by TC Member Dr. Vasileios Mavroeidis that presents a concise summary of the “why” (motivation) for OpenC2. This article (author’s version) documents a thematic talk under “Increased Automation for Detection, Prevention and Mitigation Measures” given at “The 2nd ECSCI Workshop on Critical Infrastructure Protection” in April 2022.
The Language Specification is the foundation document defining the OpenC2 language. The TC has determined to advance the Language Specification to Version 2.0 to address changes identified since the November 2019 publication of v1.0, CSD02, including a small number of breaking changes. CSD01 is the initial publication of the in-development v.0 specification.
The Architecture Specification is an overarching document that describes the concepts and organization of OpenC2, and provides a blueprint for developing Actuator Profiles and Transfer Specifications. It also describes the abstract architecture of OpenC2 to define a common understanding of the messages and interactions for all bindings and serializations.
The Architecture Specification is an overarching document that describes the concepts and organization of OpenC2, and provides a blueprint for developing Actuator Profiles and Transfer Specifications.
Cybersecurity Automation Workshops are a series of events to prototype and test interoperability among cybersecurity automation technologies. OpenC2 participated in the latest CAW event, which also explored related cybersecurity technologies including Software Bill of Materials (SBOM), and security Posture Attribute Collection & Evaluation (PACE).
Dr. Vasileios Mavroeidis, a member of the OpenC2 TC, gave a talk on “the role of OpenC2 in cybersecurity automation” at the 2nd ECSCI Workshop on Critical Infrastructure Protection, organized by the European Cluster for Securing Critical Infrastructures (ECSCI).
Dr. Vasileios Mavroeidis, a member of the OpenC2 TC, was a guest on the mnemonic security podcast, to discuss “The Science of SOAR”.
Duncan Sparrell, a co-chair of the OpenC2 TC, was named an OASIS Distinguished Contributor.
HTTP over TLS is a widely deployed transfer protocol that provides authenticated, ordered, lossless delivery of uniquely-identified messages. This document specifies the use of HTTP over TLS as a transfer mechanism for OpenC2 Messages. This specification replaces the July 2019 v.10 CS01, and incorporates changes to OpenC2 message formatting and other lessons learned through interoperability testing. A Testing conformance target is provided to support interoperability testing without security mechanisms.
OpenC2 transfer specifications describe how to use standard protocols to transfer OpenC2 messages. The MQTT Transfer Specification describes how to use MQTT v5.0 in support of OpenC2 messaging.
OpenC2 transfer specifications describe how to use standard protocols to transfer OpenC2 messages. The HTTPS Transfer Specification describes how to use HTTP and TLS in support of OpenC2 messaging. The v1.1 update incorporates an updated OpenC2 message format and the option for a testing mode without TLS, the addition of a well-known path for POSTing OpenC2 commands, and other minor changes and corrections.
The Language Specification is the foundation document defining the OpenC2 language. Version 1.1 of the Language Specification will address changes identified since the November 2019 publication of v1.0, CSD02.
OpenC2 transfer specifications describe how to use standard protocols to transfer OpenC2 messages. The MQTT Transfer Specification describes how to use MQTT v5.0 in support of OpenC2 messaging.
JSON Abstract Data Notation (JADN) is a UML-based information modeling language that defines data structure independently of data format. Information models are used to define and generate physical data models, validate information instances, and enable lossless translation across data formats. A JADN specification consists of two parts: type definitions that comprise the information model, and serialization rules that define how information instances are represented as data.
The Packet Filtering AP will combine stateless and stateful packet filtering under a single AP, and make provisions for use in cloud environments.
Michael Rosa (NSA) explores OpenC2 applications (at approximately the twenty-six minute mark) in a Borderless Cyber panel on how standards could help with the recent attacks.
Neal Ziring, Technical Director, National Security Agency delivers the keynote address for the Borderless Cyber 2021, in which he discusses the importance of OpenC2 in evolving cybersecurity challenges.
A successful OpenC2 Plugfest was held in conjunction with Borderless Cyber 2021.
The NTIA Software Transparency Multistakeholder Group is producing documentation on how improve software supply chain, particularly on the value om Software Bill of Materials (SBOM). The “Sharing & Exchanging SBOMs” paper includes OpenC2 as one of the mechanisms.
The OASIS CACAO TC published CACAO Security Playbooks Version 1.0, Committee Specification 01. This security playbook specification on collaborative automated course of action operations (CACAO) includes how to specify security actions using OpenC2.
“Cybersecurity Automation” was presented at the ITU Kaleidoscope Academic Conference, including openC2’s role in cybersecurity automation. (video - click on word “English”)
IACD experiment using OpenC2 with a Swimlane orchestrator and Symantec ICDx to respond to malicious software download.
Information about the October 28, 2020 Plugfest / Hackathon, a mashup of SBOM / OpenC2 / SCAPv2 / IACD / CACAO / OCA / MUD / DBOM virtual Proof-of-Concept (PoC) / plugfest / hackathon.
An academic paper by Vasileios Mavroeidis.
A blog post on Medium by Erich Izdepski.
A blog post on SecurityIntelligence.com by Stephanie Hazlewood.
A press release on businesswire.com.
A presentation to Code BEAM SF 2020 by Duncan Sparrell (video).
A LinkedIn article by Vasileios Mavroeidis.
Information about the January 27-28, 2020 OpenC2 Plugfest / Hackathon sponsored by Dreamport and hosted by UMBC Training.
OASIS announcement of the publication of the 24 November 2019 CS02 version of the OpenC2 Language Specification.
Conference proceedings for December 2019 ITU Kaleidoscope (large PDF), includes paper on Cyber-Safety in Healthcare IoT by Duncan Sparrell
The HTML version of the OpenC2 Language Specification, CS02, which contains minor updates to CS01.
A presentation by Duncan Sparrell at Borderless Cyber in Washington, DC (conference program entry).
A commentary article on DARKReading by Jon Oltsik.
A report (PDF) from HardenStance.com about the publication of three initial OpenC2 Committee Specifications.
The official OASIS publication announcement for the three initial OpenC2 Committee Specifications (CS01 versions).
The HTML version of the OpenC2 Language Specification, CS01.
The HTML version of the Stateless Packet Filtering actuator profile, CS01.
The HTML version of the HTTPS Transfer Specification, CS01.
A Cybersecurity Snippets article by Jon Oltsik at CSO Online.
A Cybersecurity Snippets article by Jon Oltsik at CSO Online.
A Cybersecurity Snippets article by Jon Oltsik at CSO Online.
An article by Sridhar Muppidi at SecurityIntelligence.com.
Duncan Sparrell, Chief Cyber Curmudgeon at S-Fractal Consulting, chats about his long career at AT&T, current projects, and trends in cyber security (YouTube video).
IoTsm “Response at Cyberspeed to Attack” Proceedings of the International Conference on Industrial Internet of Things and Smart Manufacturing
Presentation by Duncan Sparrell at Code Beam SF 2018 (video).
Cybersecurity, Erlang, & Opensource Combine in OpenC2
Presentation by Duncan Sparrell at Rochester Security Summit 2017 (Prezi).
OASIS press release about the work of the OpenC2 Technical Committee.
Article about OpenC2 and the formation of the OASIS OpenC2 TC by Shaun Waterman on cyberscoop.com.
Public link to meeting minutes for the formation meeting.
OASIS Call For Participation in the newly-forming OpenC2 Technical Committee.
Presentation by Duncan Sparrell at Erlang & Elixir Factory SF 2017 (YouTube video).