OASIS Kickoff 7 June 2017

Agenda (1 of 2) Time Topic Presenter 13:00 Call to Order and Request Volunteer to capture notes Joe Brule Introductions and Roll Call 13:10 Election of Co-chairs Chet Ensign to conduct election 13:15 Election of Subcommittee co-chairs and executive secretary OpenC2 TC Chair to conduct election 13:25 Welcome from OASIS Staff Chet Ensign 13:40 Review of Charter 13:45 Operating Tempo Chair 13:55 OpenC2 Overview Presented by appropriate chairs Language Description Doc Actuator Profile Implementation Considerations

Agenda (2 of 2) Time Topic Presenter 13:55 OpenC2 Overview (cont.) Summary of Collaboration Tools 14:20 Poll members for new business Chair 14:25 Action Item Review Executive Secretary 14:30 Adjourn

Call to Order and Introductions Joe Brule

Elections Chet Ensign

Election Candidates and Outcome (1 of 2) TC Co-Chairs Joe Brule (elected) Sounil Yu (elected) Bret Jordan Jyoti Verma Executive Secretary Joyce Fai (elected)

Election Candidates and Outcome (2 of 2) Language Description Document SC Jason Romano (elected) Duncan Sparrell (elected) Actuator Profile SC David Kemp (elected) Jyoti Verma (elected) Implementations Consideration SC Dave Lemire (elected) Bret Jordan (floor nominated, elected) Allan Thomson (floor nominated, declined) Duncan Sparrell (withdrawn)

Welcome from OASIS Staff Chet Ensign

Review of Charter Joe Brule

OpenC2 Charter (posted on OASIS, 1of 2) Purpose “…create a standardized language for the command and control of technologies that provide or support cyber defenses” Scope “…draft documents, specifications, lexicons or other artifacts to fulfill the needs of cyber security command and control in a standardized manner” “identifying gaps pertaining to the command and control of technologies … is within [scope]”

OpenC2 Charter (2 of 2) Deliverables Subcommittees Language Description Document (LDD) Security Considerations (aka IA Implementation Considerations document) Implementation Considerations Schema Subcommittees Language Description Document Actuator Profiles Maintain appropriate libraries and repositories

Operating Tempo Joe Brule

Operating Tempo Agenda Constraints Proposed Schedule Way forward Standing Rule

Constraints Accommodate time zones Avoid Conflicts Three Hours early Six Hours late Far East Avoid Conflicts CTI TC Technical Committee and Subcommittees

Meeting Schedule Proposed Schedule Technical Committee as a whole 2nd Thurs of the month at 11:00 Eastern (60 minutes) Language Description Document First and 3rd Wednesday at 11:00 Eastern (60 minutes) Actuator Profile 2nd and 4th Wednesday at 11:00 Eastern (60 minutes) Implementation Considerations First and Third Tuesday at 11:00 Eastern (60 minutes) Actual tempo TBD by the Subcommittee Chairs

Standing Rule Rough Consent: RFC 7282: “Lack of disagreement is more important than agreement…” Encourage Deliberation at the SC level Present artifacts a minimum of 7 days prior to the TC meeting Call for Objections with 25% threshold (of members present) at the TC level (are there any objections?) Call to Question Accept Reject Send back Standing rules can be suspended on a per issue basis, at the discretion of the chairs

OpenC2 Overview Joe Brule

OpenC2 Overview Reference Materials Focus/ Principles Machine to Machine Commanding Abstractions that decouple the command Agnostic Interoperability External Dependencies/ Assumptions Decision has been made The action is warranted The transport is secure

OpenC2 Focuses on Machine to Machine Commanding STIX Standard Threat INTEL object Supports Analysis TAXII Standard Transport protocol Supports Secure Exchange OpenC2 Standard Command Language Supports Acting OpenC2 is part of a Suite of OASIS Standards

Participation in the Subcommittees is the path to success Way Forward Executive Secretary Call for topics and draft agenda Capture and track actions Near term Subcommittee Tasks Transfer Artifacts from legacy OpenC2 Forum Define Tempo Recruit subject matter experts Recruit document editors and secretaries Participation in the Subcommittees is the path to success

Language Description Document (LDD)

OpenC2 LDD Approach OpenC2 LDD Additional Artifacts Part 1: OpenC2 Core Concepts Old Sections 1-3; some parts of section 3 move into Part 2 Pointer to Actuator Profile Repository Part 2: Open C2 Actions and Targets <Property Tables – normative> Derived from old Section 4 Top Level Property Tables (Command, Response, Alert) Action Property Tables Target Property Tables (include specifiers) Response Property Table (synchronous or asynchronous) Alert Property Table Universal Modifier Property Tables Example Commands (in JSON) Foundational (not actuator specific) appear here (e.g., query, report, notify, start, stop, set, delete, update, effects-based actions ) Part 3: OpenC2 Actions and Targets (JSON Abstract Encoding Notation (JAEN)) Non-normative OPENC2 GLOSSARY (non-normative) OPENC2 ACTUATOR PROFILES Packet Filtering Firewall Router SDN Controller Endpoint Protection Scanner Sensor  INTEROPERABILITY Use Cases

Actuator Profile

OpenC2 Framework

Actuator Profiles

Observations Actuator Profiles infuse industry-specific knowledge into OpenC2 Industry participation will enable success Industry collaboration will define the distinction between the standard and product differentiators Actuators based on capabilities Device-based approach is redundant and does not support Network Function Virtualization A single device/product may support multiple profiles Universal profile defines common functions

Potential Actuator Profiles 27 Actuator –Capability Description External-notification Machine to human notifications to supports use cases that require human in the loop or human on the loop. Privilege-management Manage level of access to system, devices, files etc. to support mitigation of compromised users and/or device use cases DAR-analytics Task analytic engines to evaluate data at rest such as configuration files, tables, servers etc. to support data enrichment use cases DIT-analytics Task analytic engines to evaluate data in transit to support data enrichment use cases Router Manage layer 2 frame switching and layer 3 packet routing functions Isolation Create an isolated environment Configuration Query and/or modify the configuration of assets. Used in data enrichment and isolation use cases Firewall First generation packet filter Application-proxy OPENC2 ACTUATOR PROFILES Packet Filtering Firewall Router SDN Controller Endpoint Protection (Broad Scope?) Scanner (maps to analytics?) Sensor (maps to analytics?)

Status of Actuator Profiles Firewall Profile Introduction and MTI sections complete Data Modeling in process Router Profile Industry to provide initial draft SDN Profile Rework Draft based on earlier work performed by SPAWAR

Actuator Profile Outline Section One: Introduction Purpose/ Scope Applicability Section Two: Language Binding Commands: MTI and Optional Actions, Targets, Modifiers Responses Datatype Definitions Section Three: Command Summary Description of each action in context JSON example commands Section Four: Abstract Schema Use cases provided in a separate repository

Proposed Way Forward SIGN UP for Actuator Profile SC Refine / Prioritize List of Actuator Profiles Identify Editors / working groups Feedback loops Prototype Implementers Language Description Document Management Repository / version control

Implementation Considerations

Implementation Considerations SC Co-Chair Introductions Purpose: Identify External Dependencies Provide Implementation Guidance Existing Artifacts: IA Implementation Considerations document OpenC2 Implementation Considerations document Prototype Implementations

External Dependencies Transport Layer Information Assurance Authentication Authorization Integrity Availability Confidentiality Message Prioritization Message Identification/ Acknowledgment

Contributions Wanted Subcommittee participants Subcommittee secretary Document editors

Collaboration Tools

‘Suite’ of Tools GitHub Slack GoogleDocs OASIS Wiki JIRA or GitHub Codebase for prototypes, schema’s etc. Existing codebase to remain in place New codebase to be housed in OASIS Slack Informal discussion space All current TC members will be added and members checked biweekly GoogleDocs To be managed by chairs of SC Drafts and Works in progress. OASIS Wiki Repository for Documents accepted by Technical Committee House constructs (issue resolution) House general Information JIRA or GitHub House the action items (change control, what is opened, closed, short summary, pointer to fuller explanation)

Poll for New Business OASIS Borderless Cyber June 21st and 22nd in NYC. Send email on why you use OpenC2 to Duncan Sparrell. On12/6 Prague Joint OASIS meeting with First.org. Does OpenC2 want a face to face?

Action Item Review