TC (CTI) Charter -Suggestion: Add "Standardized Representations" for Organizational Entities

[Patrick Maroney <Pmaroney@Specere.org>]

(1)(b) Statement of Purpose, paragraph 3

Suggest consideration of expansion of scope in Section (1)(b) of CTI TC Charter to include "Standardized Representations" for overall Organizational Entities (e.g., Adversary, Intermediate, Target).  Ultimately many of us want to represent the entire Cyber-Battlespace
 holistically in our models which in turn requires common representation of organizations and their unique attributes and behaviours as an entity.

"Standardized representations will be developed for Organizational entities (e.g., Adversary, Intermediate, Target), campaigns, threat actors, incidents, tactics techniques and procedures (TTPs), indicators, exploit targets, observables, and courses of action. 
 These core components and their inter-relationships together will enable robust cyber threat analysis and intelligence sharing."

Presumably technical implementation would leverage OASIS CIQ (with Cyber Domain extensions if/as required). 

A standard Organizational Representation could in turn enable an extension for normalized/deterministic tokenization to redact/transform Attacker/Target attributional data (while still conveying useful targeting metadata and generalixed context).  For example,
 sharing email targeting lists for APT targeted sprear-phising campaigns with other oganizations can be extremely valuable.  Replacing attributional employee/organizational data removes  current impediments.



Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104
pmaroney@specere.org