OASIS Kickoff 7 June 2017.


1 OASIS Kickoff 7 June 2017

2 Agenda (1 of 2)
Time / Topic / Presenter
- 13:00 / Call to Order and Request Volunteer to capture notes; Introductions and Roll Call / Joe Brule
- 13:10 / Election of Co-chairs / Chet Ensign to conduct election
- 13:15 / Election of Subcommittee co-chairs and executive secretary / OpenC2 TC Chair to conduct election
- 13:25 / Welcome from OASIS Staff / Chet Ensign
- 13:40 / Review of Charter
- 13:45 / Operating Tempo / Chair
- 13:55 / OpenC2 Overview (Language Description Doc, Actuator Profile, Implementation Considerations) / Presented by appropriate chairs

3 Agenda (2 of 2)
Time / Topic / Presenter
- 13:55 / OpenC2 Overview (cont.): Summary of Collaboration Tools
- 14:20 / Poll members for new business / Chair
- 14:25 / Action Item Review / Executive Secretary
- 14:30 / Adjourn

4 Call to Order and Introductions
Joe Brule

5 Elections Chet Ensign

6 Election Candidates and Outcome (1 of 2)
- TC Co-Chairs
  - Joe Brule (elected)
  - Sounil Yu (elected)
  - Bret Jordan
  - Jyoti Verma
- Executive Secretary
  - Joyce Fai (elected)

7 Election Candidates and Outcome (2 of 2)
- Language Description Document SC
  - Jason Romano (elected)
  - Duncan Sparrell (elected)
- Actuator Profile SC
  - David Kemp (elected)
  - Jyoti Verma (elected)
- Implementation Considerations SC
  - Dave Lemire (elected)
  - Bret Jordan (floor nominated, elected)
  - Allan Thomson (floor nominated, declined)
  - Duncan Sparrell (withdrawn)

8 Welcome from OASIS Staff
Chet Ensign

9 Review of Charter Joe Brule

10 OpenC2 Charter (posted on OASIS, 1 of 2)
- Purpose
  - “…create a standardized language for the command and control of technologies that provide or support cyber defenses”
- Scope
  - “…draft documents, specifications, lexicons or other artifacts to fulfill the needs of cyber security command and control in a standardized manner”
  - “identifying gaps pertaining to the command and control of technologies … is within [scope]”

11 OpenC2 Charter (2 of 2)
- Deliverables
  - Language Description Document (LDD)
  - Security Considerations (aka IA Implementation Considerations document)
  - Implementation Considerations
  - Schema
- Subcommittees
  - Language Description Document
  - Actuator Profiles
  - Maintain appropriate libraries and repositories

12 Operating Tempo Joe Brule

13 Operating Tempo Agenda
- Constraints
- Proposed Schedule
- Way forward
- Standing Rule

14 Constraints
- Accommodate time zones
  - Three Hours early
  - Six Hours late
  - Far East
- Avoid Conflicts
  - CTI TC
  - Technical Committee and Subcommittees

15 Meeting Schedule
Proposed Schedule
- Technical Committee as a whole: 2nd Thurs of the month at 11:00 Eastern (60 minutes)
- Language Description Document: First and 3rd Wednesday at 11:00 Eastern (60 minutes)
- Actuator Profile: 2nd and 4th Wednesday at 11:00 Eastern (60 minutes)
- Implementation Considerations: First and Third Tuesday at 11:00 Eastern (60 minutes)
- Actual tempo TBD by the Subcommittee Chairs

16 Standing Rule
- Rough Consent: RFC 7282: “Lack of disagreement is more important than agreement…”
- Encourage Deliberation at the SC level
- Present artifacts a minimum of 7 days prior to the TC meeting
- Call for Objections with 25% threshold (of members present) at the TC level (are there any objections?)
- Call to Question
  - Accept
  - Reject
  - Send back
- Standing rules can be suspended on a per issue basis, at the discretion of the chairs

17 OpenC2 Overview Joe Brule

18 OpenC2 Overview
- Reference Materials
- Focus/Principles
  - Machine to Machine Commanding
  - Abstractions that decouple the command
  - Agnostic Interoperability
- External Dependencies/Assumptions
  - Decision has been made
  - The action is warranted
  - The transport is secure

19 OpenC2 Focuses on Machine to Machine Commanding
- STIX: Standard Threat INTEL object; Supports Analysis
- TAXII: Standard Transport protocol; Supports Secure Exchange
- OpenC2: Standard Command Language; Supports Acting
- OpenC2 is part of a Suite of OASIS Standards

20 Way Forward
- Executive Secretary
  - Call for topics and draft agenda
  - Capture and track actions
- Near term Subcommittee Tasks
  - Transfer Artifacts from legacy OpenC2 Forum
  - Define Tempo
  - Recruit subject matter experts
  - Recruit document editors and secretaries
- Participation in the Subcommittees is the path to success

21 Language Description Document (LDD)

22 OpenC2 LDD Approach
OpenC2 LDD
- Part 1: OpenC2 Core Concepts
  - Old Sections 1-3; some parts of section 3 move into Part 2
  - Pointer to Actuator Profile Repository
- Part 2: OpenC2 Actions and Targets <Property Tables – normative>
  - Derived from old Section 4
  - Top Level Property Tables (Command, Response, Alert)
  - Action Property Tables
  - Target Property Tables (include specifiers)
  - Response Property Table (synchronous or asynchronous)
  - Alert Property Table
  - Universal Modifier Property Tables
  - Example Commands (in JSON)
  - Foundational (not actuator specific) appear here (e.g., query, report, notify, start, stop, set, delete, update, effects-based actions)
- Part 3: OpenC2 Actions and Targets (JSON Abstract Encoding Notation (JAEN)) Non-normative
Additional Artifacts
- OPENC2 GLOSSARY (non-normative)
- OPENC2 ACTUATOR PROFILES
  - Packet Filtering Firewall
  - Router
  - SDN Controller
  - Endpoint Protection
  - Scanner
  - Sensor
- INTEROPERABILITY Use Cases

23 Actuator Profile

24 OpenC2 Framework

25 Actuator Profiles

26 Observations
- Actuator Profiles infuse industry-specific knowledge into OpenC2
- Industry participation will enable success
- Industry collaboration will define the distinction between the standard and product differentiators
- Actuators based on capabilities
- Device-based approach is redundant and does not support Network Function Virtualization
- A single device/product may support multiple profiles
- Universal profile defines common functions

27 Potential Actuator Profiles
Actuator-Capability / Description
- External-notification / Machine to human notifications to support use cases that require human in the loop or human on the loop.
- Privilege-management / Manage level of access to system, devices, files etc. to support mitigation of compromised users and/or device use cases
- DAR-analytics / Task analytic engines to evaluate data at rest such as configuration files, tables, servers etc. to support data enrichment use cases
- DIT-analytics / Task analytic engines to evaluate data in transit to support data enrichment use cases
- Router / Manage layer 2 frame switching and layer 3 packet routing functions
- Isolation / Create an isolated environment
- Configuration / Query and/or modify the configuration of assets. Used in data enrichment and isolation use cases
- Firewall / First generation packet filter
- Application-proxy
OPENC2 ACTUATOR PROFILES
- Packet Filtering Firewall
- Router
- SDN Controller
- Endpoint Protection (Broad Scope?)
- Scanner (maps to analytics?)
- Sensor (maps to analytics?)

28 Status of Actuator Profiles
- Firewall Profile
  - Introduction and MTI sections complete
  - Data Modeling in process
- Router Profile
  - Industry to provide initial draft
- SDN Profile
  - Rework Draft based on earlier work performed by SPAWAR

29 Actuator Profile Outline
- Section One: Introduction
  - Purpose/Scope
  - Applicability
- Section Two: Language Binding
  - Commands: MTI and Optional Actions, Targets, Modifiers
  - Responses
  - Datatype Definitions
- Section Three: Command Summary
  - Description of each action in context
  - JSON example commands
- Section Four: Abstract Schema
- Use cases provided in a separate repository

30 Proposed Way Forward
- SIGN UP for Actuator Profile SC
- Refine / Prioritize List of Actuator Profiles
- Identify Editors / working groups
- Feedback loops
- Prototype Implementers
- Language Description Document
- Management
- Repository / version control

31 Implementation Considerations

32 Implementation Considerations SC
- Co-Chair Introductions
- Purpose
  - Identify External Dependencies
  - Provide Implementation Guidance
- Existing Artifacts
  - IA Implementation Considerations document
  - OpenC2 Implementation Considerations document
  - Prototype Implementations

33 External Dependencies
- Transport Layer
- Information Assurance
  - Authentication
  - Authorization
  - Integrity
  - Availability
  - Confidentiality
- Message Prioritization
- Message Identification/Acknowledgment

34 Contributions Wanted
- Subcommittee participants
- Subcommittee secretary
- Document editors

35 Collaboration Tools

36 ‘Suite’ of Tools
- GitHub
  - Codebase for prototypes, schemas etc.
  - Existing codebase to remain in place
  - New codebase to be housed in OASIS
- Slack
  - Informal discussion space
  - All current TC members will be added and members checked biweekly
- GoogleDocs
  - To be managed by chairs of SC
  - Drafts and Works in progress.
- OASIS Wiki
  - Repository for Documents accepted by Technical Committee
  - House constructs (issue resolution)
  - House general Information
- JIRA or GitHub
  - House the action items (change control, what is opened, closed, short summary, pointer to fuller explanation)

37 Poll for New Business
- OASIS Borderless Cyber June 21st and 22nd in NYC. Send on why you use OpenC2 to Duncan Sparrell.
- On 12/6 Prague Joint OASIS meeting with First.org. Does OpenC2 want a face to face?

38 Action Item Review

