OASIS OpenC2 Technical Committee Meeting 13 July 2017
Agenda Time Topic Presenter 11:00 – 11:02 Call to Order and Roll Call Joe Brule 11:02 – 11:04 Approve Minutes of Previous Meeting OpenC2 Subcommittee Reports 11:04 – 11:11 Language Jason Romano, Duncan Sparrell 11:11 – 11:18 Actuator Profile Dave Kemp, Jyoti Verma 11:18 – 11:25 Implementation Considerations Bret Jordan, David Lemire 11:25 - 11:30 Status/Resolution of Actions Joyce Fai 11:30 - 11:55 New Business 11:55 - 12:00 New Action Item Review 12:00 Adjourn
Call to Order and Roll Call Joe Brule To expedite the roll call process, kindly record your attendance for today’s meeting within Kavi https://www.oasis-open.org/apps/org/workgroup/openc2/manage/track_attendance.php?day=&event_id=45478 If for whatever reason you are unable to do so, send the Executive Secretary a record of your attendance through email and we will track your attendance onto the OASIS OpenC2 site for this meeting.
Approve Minutes Joe Brule OpenC2 TC Minutes for June 7 Meeting: https://www.oasis-open.org/apps/org/workgroup/openc2/download.php/61010/OpenC2%20TC%20Minutes%2020170607.pdf OpenC2 TC Kickoff Slide Deck (for reference) https://www.oasis-open.org/apps/org/workgroup/openc2/download.php/60969/OASIS%20OpenC2%20TC%20Kickoff%20(Rev%200.2).pptx
OpenC2 Subcommittee Reports Near term Subcommittee Tasks Transfer Artifacts from legacy OpenC2 Forum Define Tempo Recruit subject matter experts Recruit document editors and secretaries Participation in the Subcommittees is the path to success
Language
Purpose of the Language SC This OpenC2 Language SC is responsible for the development, maintenance, and resolution of comments to the OpenC2 language documentation, including the language specification documents, use cases, JAEN specification, JSON specification, and glossary.
Status Held Kickoff Meeting, 7/11 Operating Tempo: Tuesdays, 13:00 ET (17:00 UTC) Current Objective: Systematic review of baseline Language Specification Use of Collaboration Tools: Google Drive: to develop working documents Slack: for informal discussions, primary channel #language GitHub Wiki: to document design decisions
OpenC2 Specification Approach (presented at Kickoff) OpenC2 Language Specification Additional Artifacts Part 1: OpenC2 Core Concepts Old Sections 1-3; some parts of section 3 move into Part 2 Pointer to Actuator Profile Repository Part 2: Open C2 Actions and Targets <Property Tables – normative> Derived from old Section 4 Top Level Property Tables (Command, Response, Alert) Action Property Tables Target Property Tables (include specifiers) Response Property Table (synchronous or asynchronous) Alert Property Table Universal Modifier Property Tables Example Commands (in JSON) Foundational (not actuator specific) appear here (e.g., query, report, notify, start, stop, set, delete, update, effects-based actions ) Part 3: OpenC2 Actions and Targets (JSON Abstract Encoding Notation (JAEN)) Non-normative OPENC2 GLOSSARY (non-normative) OPENC2 ACTUATOR PROFILES Developed by Actuator Profile SC Examples Packet Filtering Firewall Router SDN Controller Endpoint Protection Scanner Sensor Use Cases
Plans Future Agenda Topics Standing meeting announcement on OASIS Abstract syntax Action property tables End-to-end use cases Standing meeting announcement on OASIS Meetings announced on Slack, #meetings and #language channels Next meeting: 2017-07-18, 13:00 ET (17:00 UTC) Call to Action: Join the Language Subcommittee!
Actuator Profile
Scope The Actuator Profile Subcommittee is responsible for creating and maintaining actuator profiles which define the OpenC2 message elements applicable to specific cyber defense functions. Profiles for specific cyber defense functions will call out the mandatory to implement as well as optional elements meaningful to that function.
Status So far, the OpenC2 Forum drafted the following artifacts: A generic template for actuator profiles Firewall profile Router profile SDN profile Firewall Profile Introduction and MTI sections complete Data Modeling in process Router Profile Industry to provide initial draft SDN Profile Rework Draft based on earlier work performed by SPAWAR
Plans Refine / Prioritize List of Actuator Profiles Bi-Monthly Meetings announced: Via OASIS email on Slack #meetings channel Schedule: 2nd and 4th Wednesday of Every Month First Meeting: 26 July 2017, 1300 ET (1700 UTC) WebEx Details: TBD Identify Editors / working groups Transform current draft actuator profiles into OASIS specifications Refine/Prioritize list of additional profiles based on community feedback Establish processes for validating profiles Call to Action: Join the Actuator Profile Subcommittee! Refine / Prioritize List of Actuator Profiles Identify Editors / working groups Feedback loops Prototype Implementers Language Description Document Management Repository / version control
Potential Actuator Profiles 15 Actuator –Capability Description External-notification Machine to human notifications to supports use cases that require human in the loop or human on the loop. Privilege-management Manage level of access to system, devices, files etc. to support mitigation of compromised users and/or device use cases DAR-analytics Task analytic engines to evaluate data at rest such as configuration files, tables, servers etc. to support data enrichment use cases DIT-analytics Task analytic engines to evaluate data in transit to support data enrichment use cases Router Manage layer 2 frame switching and layer 3 packet routing functions Isolation Create an isolated environment Configuration Query and/or modify the configuration of assets. Used in data enrichment and isolation use cases Firewall First generation packet filter Application-proxy OPENC2 ACTUATOR PROFILES Packet Filtering Firewall Router SDN Controller Endpoint Protection (Broad Scope?) Scanner (maps to analytics?) Sensor (maps to analytics?)
Actuator Profile Outline Section One: Introduction Purpose/ Scope Applicability Section Two: Language Binding Commands: MTI and Optional Actions, Targets, Modifiers Responses Datatype Definitions Section Three: Command Summary Description of each action in context JSON example commands Section Four: Abstract Schema Use cases provided in a separate repository
Implementation Considerations
Scope Vision: The OpenC2 Implementation Considerations SC (IC-SC) will develop implementation recommendations for OpenC2 by identifying, investigating, and recommending solutions to OpenC2 security, transport, and interoperability issues. From Charter: Implementation aspects such as message transport, and information assurance (IA) Leverage existing standards Identify gaps in cyber defense C2 Maintain repository of prototype / reference implementations
Background OpenC2 language “factored out” implementation to focus on core capabilities of the language “Implementation” == Transport Layer Information Assurance Authentication Authorization Integrity Availability Confidentiality Message Prioritization Message Identification/ Acknowledgment Other topics TBD
Status IS-SC Charter approved on TC Ballot Co-Chairs elected at TC kickoff David Lemire Bret Jordan Existing Contributions Draft IA Implementation Considerations document Various implementations in OpenC2 Forum GitHub
Transport Specification Goal: Identify message fabric requirements for OpenC2 interoperability Intent: Identify or develop a transport specification for OpenC2 Work Plan: Identify communications use cases Review available options Develop a recommendation or specification for OpenC2
IA Implementation Considerations Goal: Clarify OpenC2 requirements for IA features Identify IA interoperability considerations Start from existing IA Considerations doc Work plan: Conversion to OASIS format SC and TC Review
Plans Monthly Meetings, announced: Via OASIS email on Slack #meetings and #implementation channels Schedule: First Wednesday of Every Month First Meeting: 2 August 2017, 1300 ET (1700 UTC) WebEx Details: TBD Initial Focus: SC organization Discuss SC Scope and Work Plans Initial look at IA Implementation Considerations Call to Action: Join the IC-SC!
Status/Resolution of Actions
Implementation Considerations Action Items Status Action Item #0000: OpenC2 Subcommittee Tempos As amended at the kickoff Technical Committee as a whole 2nd Thurs of the month at 11:00 Eastern (60 minutes) Language Description Document First and 3rd Wednesday at 11:00 Eastern (60 minutes) Actuator Profile 2nd and 4th Wednesday at 11:00 Eastern (60 minutes) Implementation Considerations First and Third Tuesday at 11:00 Eastern (60 minutes) Revised OpenC2 Subcommittee Tempos Tues Wed Thurs Week 1 13:00 ET Language Implementation Considerations Week 2 11:00 ET OpenC2 TC Actuator Week 3 CTI TC Language 21:00 ET Week 4
Action Items Status (cont.) Action Item #0001: Establish OpenC2 Subcommittees Resolutions Passed Work items to create subcommittees submitted to OASIS Initial meetings took place or scheduled
Closed Ballots Resolution Vote Status Yes No Abstain Resolution to Form Language Subcommittee 31 Passed Resolution to Form Actuator Profile Subcommittee 29 Resolution to Form Implementation Considerations Subcommittee 30 Standing Rule #1:, Suspension of Standing rules for Duration of Meeting 18 3 Failed Standing Rule #3, Consideration of Agenda Items for Committee Meetings 14 4
OpenC2 Google Docs Setup OpenC2 TC Access Control Rules Anyone on the Internet can find and view. SC chairs and designees can edit. When a file is ready for comment, TC Members can comment. Special folder ~incoming TC Members can upload and edit files. Maintaining Permissions For files that have enabled commenting, comment permissions will be reapplied (via script) every two weeks to ensure that only TC Members are allowed to comment. An Edit Permission Report will be generated every two weeks to ensure that only authorized TC Members are allowed to directly edit documents. After creating or uploading files to standard folders, SC chairs and designees must transfer ownership to “openc2.oasis”. An Ownership Report will be generated every two weeks to identify files that need to have their ownership transferred to “openc2.oasis”. GitHub Codebase for prototypes, schema’s etc. Existing codebase to remain in place New codebase to be housed in OASIS Slack Informal discussion space All current TC members will be added and members checked biweekly GoogleDocs To be managed by chairs of SC Drafts and Works in progress. OASIS Wiki Repository for Documents accepted by Technical Committee House constructs (issue resolution) House general Information JIRA or GitHub House the action items (change control, what is opened, closed, short summary, pointer to fuller explanation)
OpenC2 Google Docs Setup (cont.) Current Edit Permissions FOLDER DESCRIPTION WHO CAN EDIT admin Administrative folders Joe Brule Sounil Yu Joyce Fai implementation Implementation Considerations Subcommittee Bret Jordan Dave Lemire language Language Subcommittee Jason Romano Duncan Sparrell profile Actuator Profiles Subcommittee Dave Kemp (Jyoti Verma) ~incoming Member upload folder All TC Members scripts Management and reporting scripts openc2.oasis GitHub Codebase for prototypes, schema’s etc. Existing codebase to remain in place New codebase to be housed in OASIS Slack Informal discussion space All current TC members will be added and members checked biweekly GoogleDocs To be managed by chairs of SC Drafts and Works in progress. OASIS Wiki Repository for Documents accepted by Technical Committee House constructs (issue resolution) House general Information JIRA or GitHub House the action items (change control, what is opened, closed, short summary, pointer to fuller explanation)
New Business Face to Face Tiger Team Standing Rules Standing Rule One: Suspension of Standing Rules Standing Rule Three: Consideration of Agenda Items OpenC2 TC/SC Meeting Times
Face to Face Tiger Team Legacy OpenC2 Forum held Quarterly Face to Face Meetings with the purpose of: speeding up the resolution of challenging issues sharing progress on the implementation of OpenC2 discussing OpenC2 use cases Solidifying and strengthening working relationships A motion to stand up a Tiger Team: OASIS OPENC2 TECHNICAL COMMITTEE FACE TO FACE MEETINGS: Resolved; The OpenC2 Technical committee will stand up a tiger team to investigate OpenC2 face to face meetings to include: i. if such meetings are warranted ii. and if so, recommendations on how to proceed. The tiger team will present its initial findings to the Technical Committee on August 8, 2017.
Standing Rules Standing Rules facilitate the day to day business of the TC Rules of Precedence Roberts Rules of Order OASIS ByLaws OpenC2 ByLaws OpenC2 Standing Rules Standing Rule Two was voted on during the Inaugural Meeting (June 7, 2017) Encourage full deliberation of issues rather than rely on votes Minimize objections is preferable to maximize support…
A Motion to Consider Standing Rule One Text: SUSPENSION OF STANDING RULES FOR THE DURATION OF THE MEETING 1. The rules of OASIS or Roberts Rule of Order cannot be suspended as they are not standing rules and always apply. 2. During the course of a meeting, a standing rule may be suspended for the duration of a meeting. A motion to suspend a standing rule is not debatable and must be called to question immediately. 3. The rule will be suspended if any of the following criteria are met; i. By a vote of 2/3 majority of the voting members present without prior notice ii. By a simple majority vote of the voting members present with prior notice
Standing Rule One Discussion Motivation Standing Rules are present to facilitate the day-to-day business of the TC If Standing Rules become an impediment, then need to suspend
A Motion to Consider Standing Rule Three Text: CONSIDERATION OF AGENDA ITEMS FOR COMMITTEE MEETINGS 1. For items that are not artifacts as referenced in rule two, all members may propose agenda items to the technical committee by providing a summary of the item to the executive secretary no later than five days prior to the meeting. 2. All agenda items are subject to the approval of the co- chairs
Standing Rule Three Discussion Motivation Provide a means for the co-chairs to review and prioritize agenda items Concerns Puts the co-chairs in a position to block agenda items Rebuttal Nothing precludes the introduction of a primary motion (thus the chair cannot stifle a topic) If the chairs are not permitted to see agenda items in advance, how will they be prioritized?
A Motion to Define OpenC2 Meeting Timeslots Text: MOVE AND SET ALL OPENC2 MEETINGS TO 13:00 EASTERN All OpenC2 meetings are to be moved and set to be at 13:00 ET, regardless of the day.
OpenC2 TC/SC Meeting Times Discussion Statement for: Predictability will make it easier for participants to schedule meetings, prioritize and prevent conflicts. Statement against: A formal rule puts an unnecessary constraint on the chairs of the subcommittees and tiger teams. We should permit some autonomy to the chairs with respect to scheduling Rebuttal to the statement against: The benefits having a standard time far out weigh any limitations that might occur for a SC and we need to maximize participation. The best way to do that is predictable times. Rebuttal to the statement for: The point regarding predictability is conceded and a convention of a given time slot is valuable, however standing rule or bylaw requires a formal procedure to suspend. This impedes a SC or TT’s agility, flexibility and the ability to act in a timely manner.
Poll for New Business On12/6 Prague Joint OASIS meeting with First.org. Does OpenC2 want a face to face?
Action Item Review
Standing Rule Two (adopted at Kickoff) Text: CONSIDERATION OF ARTIFACTS PRESENTED BY A SUBCOMMITTEE TO THE COMMITTEE AS A WHOLE 1. All artifacts must be provided to the Executive Secretary no later than seven business days prior to the meeting of the technical committee. The topic may be added to the agenda upon approval of the co-chairs or by proposal by members of the TC as described in Rule Three of these standing rules. If approved as an agenda item, the executive secretary will provide the artifacts to the members of the TC no later than three business days prior to the meeting of the technical committee. 2. Prior to consideration, the chair will call for objections. 3. Any member present may object. An objection must include a brief reason for the objection. 4. Any other member present may support one or more objections 5. If a threshold of 25% or more of the members present object, then the committee will take it as sufficient cause to send the artifact back to the subcommittee for further deliberation. 6. If the threshold is not met then a motion to consider the artifact may proceed 7. If the artifact is called to question, the voting members present may accept, reject or send the artifact back to the subcommittee for further deliberation.
‘Suite’ of Tools GitHub Slack GoogleDocs OASIS Wiki JIRA or GitHub Codebase for prototypes, schema’s etc. Existing codebase to remain in place New codebase to be housed in OASIS Slack Informal discussion space All current TC members will be added and members checked biweekly GoogleDocs To be managed by chairs of SC Drafts and Works in progress. OASIS Wiki Repository for Documents accepted by Technical Committee House constructs (issue resolution) House general Information JIRA or GitHub House the action items (change control, what is opened, closed, short summary, pointer to fuller explanation)