Great. Thank you!
Wrt to contribs â yes please fork and make a pull request and if I donât merge it right away (I get zillions of github emails), email me directly (I read emails from people, less so from github) and Iâll merge.
I went ahead and added you as lead on TAC on
https://github.com/sparrell/casp/blob/main/Plugfests/2024-03-NorthernVirginia/Prep2/README.md but feel free to
- recruit some more orgs (including your own?) to add on that list (just UiO at moment),
- recruit people to add in some TAC âpractitioner use casesâ to show how TAC fits into WitchyWashy and/or into Olympic Destroyer or add in new Value Props
if that helps show off TAC better
- recruit people to help create some TAC âtraining Q&Aâ for the QuadBlockQuiz game (my baby so happy to talk sometime if you want â basically some questions
written in a way to include the answer with the purpose to teach people the value of your project). Itâs been used at RSAC several times, at BSides, and at corporate events and Iâm adapting it for the village to show off the Village projects.
- think about âyourâ (doesnât have to be you, but you get first dibs. And if it isnât you, then you do have to recruit someone else to do it) presentation
at Village on TAC. Note the opening session will explain the use cases (value/practioner/demos) and explain the next couple sections â the first of which will be x minutes per project (ie TAC is a project) explaining what the project is and how it fits into
the Value Prop and Practitioner use cases â ideally listing where TAC shows up in the third section which is each company/agency (or combos of them when multiple interwork) gets y minutes to talk about their âdemoâ (demo may be all had waving but ideally has
actual data and even more ideally has that data moving between orgs). Note x and y will probably be shorter than anyone wants because we have a lot of projects and we have a lot of company/agencies wanting to show stuff off.
- The intent is to have a good handle on previous bullet by prep2 on March 5 so we can finalize agenda.
- The intent is to have all demos ideally working by 3/5 but definitively working by 4/10 (ie the halfday dryrun the day before the Village)
Wrt what to call it â I consider a village to be a plugfest (ie things talking to each other), workshop (ie talks and discussion), and hackathon (ie writing new code on the fly to interwork with other stuff)
all in one. And for marketing reasons, I think Village has a better connotation (because that is what Defcon, RSAC, BSides, etc all call them) than plugfest for the execs we want to impress.
--
Duncan Sparrell
sFractal Consulting
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info/
From:
tac@lists.oasis-open.org <tac@lists.oasis-open.org> on behalf of reh@ctin.us <reh@ctin.us>
Date: Thursday, February 8, 2024 at 4:06âPM
To: duncan sfractal.com <duncan@sfractal.com>, tac@lists.oasis-open.org <tac@lists.oasis-open.org>
Subject: RE: [tac] TAC at the Cybersecurity Automation Village in April
Duncan,
I would be happy to be the TAC lead for the Cybersecurity Automation Village.
We are converging on calling it: Cybersecurity Automation Village Plugfest, or simply Plugfest
I can not directly edit the README.md as I am not a maintainer.
How would you like me to proceed? Fork and Pull Request?
Please advise.
I strive to be an easy cat to herd.
Cheers,
Ryan
From: tac@lists.oasis-open.org <tac@lists.oasis-open.org>
On Behalf Of duncan sfractal.com
Sent: Tuesday, February 6, 2024 4:51 PM
To: tac@lists.oasis-open.org
Subject: [tac] TAC at the Cybersecurity Automation Village in April
Would someone from TAC (Ryan?) be willing to be the TAC lead for the upcoming Cybersecurity Automation Village in April â what you are calling the plugfest?
The plan is to attempt to have those with âsweat equityâ (ie something to show and talk about that ties the use cases and projects together from a vendor/os-project/TC/whatever viewpoint) ready by the âprep2â
on March 5.
https://github.com/opencybersecurityalliance/casp/blob/main/Plugfests/2024-03-NorthernVirginia/Prep2/README.md is what we have so far and youâll note itâs light on TAC (ie no lead, and so far only one org â UiO â agreeing to participating wrt TAC).
Let me know who to put as lead for TAC (as I donât have time to herd TAC cats â Iâm just trying to herd the leads of the projects) and ideally add a few more orgs to the TAC sweat equity list as well as tweaking
the âValue Propositionsâ to show TAC value, and adding some TAC-practitioner-use-cases with some sample TAC data.
--
Duncan Sparrell
sFractal Consulting
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info/
Summary
The OASIS TAC-TC (Threat Actor Context Technical Committee) Monthly Meeting held in January 2024 focused on advancing cybersecurity standards and practices. The meeting brought together representatives from diverse sectors including telecommunications (AT&T), banking (ANZ Banking Group), cybersecurity (CTIN), academia (University of Oslo), and law enforcement (US FBI), reflecting the interdisciplinary approach necessary for tackling modern cybersecurity challenges.
Key Topics Discussed:
STIX Ontology Progress: The committee reviewed the development of the STIX (Structured Threat Information _expression_) ontology, which is pivotal for standardizing the representation and exchange of cybersecurity threat information. This ontology facilitates the automation and integration of threat data across different systems and platforms, enhancing the overall efficiency of cybersecurity measures.
Cybersecurity Automation for Plugfest Event: Preparations for the upcoming cybersecurity automation 'plugfest' event were discussed. This event aims to test and demonstrate the interoperability of cybersecurity tools and technologies, ensuring that they can work seamlessly together to detect, mitigate, and prevent cyber threats. The plugfest represents a practical application of the committee's work, showcasing advancements in automation that can streamline cybersecurity operations.
Integration of Threat Actor Context Ontology: The meeting emphasized the importance of integrating the threat actor context ontology into cybersecurity practices. This ontology is designed to provide a more nuanced understanding of threat actors, including their motives, tactics, and behaviors. By incorporating this context, cybersecurity professionals can better predict and counteract the actions of potential threat actors, leading to more effective defense strategies.
Action Items:
Preparation for the Cybersecurity Automation Village Plugfest: Committee members were tasked with finalizing the preparations for the plugfest event. This includes ensuring the interoperability of participating technologies, setting up demonstration scenarios, and coordinating with participants to highlight advancements in cybersecurity automation.
Further Development and Integration of Ontologies: The committee is to continue its work on developing and refining the STIX ontology and the threat actor context ontology. This involves addressing any identified gaps, enhancing the ontologies' capabilities for detailed threat representation, and integrating them into cybersecurity tools and practices.
Improvement of Interoperability and Automation Capabilities: An ongoing action item is the enhancement of interoperability between different cybersecurity systems and the automation of threat detection and response processes. This effort is crucial for keeping pace with the rapidly evolving cyber threat landscape and ensuring that cybersecurity measures are as efficient and effective as possible.
The OASIS TAC-TC Monthly Meeting underscored the critical role of collaboration across sectors in advancing cybersecurity standards and practices. By focusing on the development of ontologies and the practical demonstration of cybersecurity automation, the committee is working to create a more secure and resilient digital environment.
Patrick Maroney | Principal â Cybersecurity | AT&T Services, Inc.
Threat Analytics
e: patrick.maroney@att.com | p: 732.615.5287
From: MARONEY, PATRICK <rx118r@att.com>
Date: Tuesday, February 6, 2024 at 3:44 PM
To: JG @ OASIS <jg@ctin.us>, tac@lists.oasis-open.org <tac@lists.oasis-open.org>
Subject: Re: [tac] TAC TC Meeting NotesRe: âthe AI generated Transcript.â â Interesting. Definitely requires some post-facto editing/curating but very interesting nonetheless! Especially for overworked TC Secretaries. Might be interesting to see it taken to the next level (i.e., âSummarize the Transcript to identify key concepts, action itemsâ.â
Patrick Maroney | Principal â Cybersecurity | AT&T Services, Inc.
Threat Analytics
e: patrick.maroney@att.com | p: 732.615.5287
