Cory Casanavae ,et al, sought to model Threat-Risk at the conceptual level with specific objectives of mapping to NIEM and STIX.
Funding was lost before we could complete this project. However, I still believe that there are valuable artifacts in these prescient efforts:
âThreat & Risk Conceptual Model & Ontology
The threat-risk archive provides for public access to and comment on the candidate OMG standard for threats and risks. This specification provides a conceptual model that is the
basis for vocabularies, ontologies and data structures that facilitate information sharing, federation and analytics. The specification includes mappings to "NIEM Core" and "STIX" which as XML schema for the public safety and Cyber communities, respectively.
Presentations are available in the "Presentations" directory and the current specification is available under "CurrentSpecification". In addition the conceptual model.
A web view of the threat risk model is available here: http://models.modeldriven.org/models/ThreatRisk/Threat%20Risk%20Model.html
Patrick Maroney
Principal - Cybersecurity
Chief Security Office
AT&T Services, Inc.
From:
cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Vasileios Mavroeidis <vasileim@ifi.uio.no>
Date: Tuesday, August 22, 2023 at 1:56 AM
To: MATES, JEFFREY F CIV USAF AFOSI AFOSI/DC3/XT <jeffrey.mates@us.af.mil>
Cc: 'Jim Cabral' <Jim.Cabral@infotrack.com>, 'Duncan Sparrell' <duncan@sfractal.com>, 'cti@lists.oasis-open.org' <cti@lists.oasis-open.org>
Subject: RE: [cti] CTI interest in NIEM?
Hi, +1 for outreach and assistance from my side. Most of the time, lack of awareness is the main issue. What can I do with your technology, and how it supports
mine (use case driven)? Have we ever had the works presented to the TCs of interest?
Hi,
+1 for outreach and assistance from my side.
Most of the time, lack of awareness is the main issue. What can I do with your technology, and how it supports mine (use case driven)? Have we ever had the works presented to the TCs of interest? Possibly many members do not even know the
existence of NIEM (and other relevant works).
Intersecting the two works is not something challenging. Yes, some objects are repetitive, but I don't see a significant issue. It's all about being willing to approve this recommendation and add it as best practice on the documentation/website
for support.
The fairest point came from Keven. If ontologies were introduced, technologically speaking, integration would be almost seamless, with the need to add only some extra semantics for equivalences and reasoning. That's for powerful analytics/context;
otherwise, traditional programmatic approaches can still work.
On Aug 21, 2023 23:25, "MATES, JEFFREY F CIV USAF AFOSI AFOSI/DC3/XT" <jeffrey.mates@us.af.mil> wrote:
Iâm very interested in providing outreach and assistance. Reading through their Cyber Domain I think we could do a look of good helping to normalize this across both standards, and it also might help flesh out some parts of the Incident that we missed.
Ultimately the final format doesnât matter, what matters is that the moving between these should be seamless and the lessons learned in a community can help others when confronted with similar problems.
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> On Behalf Of
Jim Cabral
Sent: Sunday, August 20, 2023 10:59 PM
To: Duncan Sparrell <duncan@sfractal.com>; cti@lists.oasis-open.org
Subject: [URL Verdict: Neutral][Non-DoD Source] Re: [cti] CTI interest in NIEM?
Firstly, I am hopeful that Duncan and others can help discover and continue to evangelize opportunities for CTI and NIEM to collaborate.
That said, I join Duncan in my concerns that others in the CTI community have not yet embraced NIEM as a model for exchanging information between and among domains. As a long,-term proponent of NIEM and related
standards for cross-domsin information sharing, we welcome feedback as to whether this gap is due to unfamiliarity with the NIEM or whether it is to due to specific design choices we in the NIEM technical or business committees have made.
Regardless of whether the CTI community embraces NIEM as a standard for sharing information across domains, we request the CTI stakeholders provide feedback to NIEM regarding any gaps in our current approach
From: "duncan sfractal.com" <duncan@sfractal.com>
Sent: Sunday, August 20, 2023 3:54 PM
To: cti@lists.oasis-open.org
Subject: [cti] CTI interest in NIEM?
Is there interest in getting NIEM to adopt STIX terminology at a minimum and maybe STIX âin totoâ?
Background:
NIEM is an OASIS Open Project (http://niem.github.io/ ) to standardize work the US Government
has been doing for several decades (https://www.niem.gov/) for standardizing information exchange
within and between federal agencies, State/Local/Tribal/Territorial governments, as well as with private industry. NIEM is quite prevalent in the courts, law enforcement, and legal profession, as well as in select industries (ag agriculture, emergency management,
transportation, miliary, â) where the USG had needs for standardizing information exchange. For example, when you get pulled over for a speeding ticket, it's NIEM standards that allow the local police to check what other tickets you got, whether your car was
stolen, whether you are wanted for other crimes etc. And itâs unfortunately also how the insurance company knows you got a ticket so they can hike your rates
😊.
For whatever reason, the âcyber domainâ does not have much support (I believe Iâve been sole attendee with any interest). NIEM sort of acknowledges STIX1.2, as a way to exchange threat information. It will take text/PRâs/editing/etc to actually have NIEM
use the current version of STIX.
Personally I think this is important, especially as more and more cyber cases end up in court; as well as cyber becomes more important to more industries. However at NIEM meetings, I feel like that Greek guy forever pushing the boulder up hill.
Is anyone else interested in participating in NIEM cyber activities? Without more support, Iâm thinking dropping my participation in that effort.
--
Duncan Sparrell
sFractal Consulting
iPhone, iTypo, iApologize
I welcome VSRE emails. Learn more at http://vsre.info/
|