openc2-imple message



Subject: Re: [openc2-imple] "Technical Reports" in ITU


For example, is the recommendation with STIX use case (X.1215) an example of what you're looking for?

Dave

David Lemire, CISSP
Systems Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) - formerly G2, Inc.

Technical Solutions Division

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: dave.lemire@g2-inc.com

Email (effective 1 April 2020): david.lemire@hii-tsd.com

Work: 301-575-5190 | Mobile: 240-938-9350



On Tue, Mar 24, 2020 at 10:00 AM Dave Lemire <dave.lemire@g2-inc.com> wrote:
Duncan,

I like your suggestion. I'm starting to explore the ITU website to get a bit smarter, but in the meantime am wondering if there are examples of similar work you could point to so that we get a better idea of the scope of what's needed.

Thanks,

Dave

David Lemire, CISSP
Systems Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) - formerly G2, Inc.

Technical Solutions Division

302 Sentinel Drive | Annapolis Junction, MD 20701

Email: dave.lemire@g2-inc.com

Email (effective 1 April 2020): david.lemire@hii-tsd.com

Work: 301-575-5190 | Mobile: 240-938-9350



On Tue, Mar 24, 2020 at 7:16 AM duncan sfractal.com <duncan@sfractal.com> wrote:

X.fgati is a draft at the moment (hence the fgati as opposed to an actual number). And like us, they take baby steps.

At last meeting they had some agreed text. At this meeting they added some more. This "contribution" was someone inputting their suggested changes (think of it as pull request) and they did get agreed to. - I think that is wording you were trying to decipher.

Note all ITU "Standards" are "Recommendations". ITU is the original "de jure" (ie by force of law due to treaty obligations) standards body (IEC and ISO being the two other de jure standards orgs). Because ITU also does all the radio spectrum allocation, it has politics and nuances in its wording. The "technical" standards are "recommendations" because it is up to the individual administrations (ie. National governments) to decide whether to follow the recommendations and make them into laws/regulations.

Wrt to only two "recommends" - the fact that one of them is to recommend OpenC2 - that is the point. They do recommend OpenC2.

Probably we should talk real time and not when I'm trying to live on Geneva time so I can be coherent and actually understand/reply to what you are asking.

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/

From: Vasileios Mavroeidis <vasileim@ifi.uio.no>
Date: Tuesday, March 24, 2020 at 5:50 AM
To: "duncan@sfractal.com" <duncan@sfractal.com>
Cc: Vasileios Mavroeidis <vasileim@ifi.uio.no>, Dave Lemire <dave.lemire@g2-inc.com>, "oasis.oc2.icsc" <openc2-imple@lists.oasis-open.org>
Subject: Re: [openc2-imple] "Technical Reports" in ITU

Duncan,

I can certainly contribute. Keep me posted.

Regarding the attached doc I'm a bit confused. Is that a draft or as they say proposed additions of an already submitted work for evaluation with the intent of becoming a standard/recommendations (A proposed ITU recommendation X.fgati)? Because this looks like more of a technical paper-use cases like the ones you would like us to create for ITU.

In the doc they don't provide concrete technical means for implementing their "suggestions". Just 2 recommendations with respect to sharing cti and c&c. Enlighten me.

-Vasileios



On Mar 23, 2020, at 5:03 PM, duncan sfractal.com <duncan@sfractal.com> wrote:

I'm moving a specific suggestion from larger TC list to the ICSC list. I circulated a bunch of ITU work to TC mainly to spur language and AP efforts. But this is a separate proposal. The ITU makes recommendations (standards) on interworking and intends to adopt OpenC2. Recs are the hardest to get politically but I'm sure OpenC2 will go thru since they are anxious to get it. But I also recommend we send them some proposed Committee Notes (our side) to turn into Technical Reports (their side). CTI chose to do their use cases as recommendation. I think we'd get less objection if we proposed our use cases as Technical Reports (TR) instead. TR's require less formality and approval and are just as good at getting the word out. Note I still feel OpenC2 Specs should be ITU Recs. It's just the use cases (and how we relate to other SG17 recs) that would make easy TR's. We could do one for each of the relevant technologies from the ITU view (ie how we relate with STIX/fgati, how we relate with malware sandboxes, how we relate with DLT/distributed-ledger-technology-aka-blockchain, how we relate to identity systems, how we relate with 5G, how we relate to secure-multilocation-computing, how we relate to quantum, etc). Obviously the STIX/threat-intel is the main topic - and might be multiple TR's - but we can also get in on the ground floor of the other technologies and develop our Committee Note/TR on topic even before we get the details of language/AP finalized for the tech. This would both be consistent with our "use cases first" philosophy and might solve the Joe/Duncan "abstraction" philosophical discussion (ie we probably agree on any particular use case when we are using actual use cases - it's generalizing where we tend to get into angels-on-head-of-the-pin differences).
In the longer run, if we play our cards correctly, the TR's will set the stage for eventually modifying the relevant ITU specs (on sandboxes, DLT, idam, 5G, SMC, quantum, etc) to recommend OpenC2 for command and control. Admittedly we are a couple of years away from that but we need to set the stage now.

So my suggestion is to get IC-SC to develop the Committee Notes/TR's I mention above - ie we make Committee Notes designed to be ITU TR's on relevance of OpenC2 to the work the ITU is currently doing. We should start with obvious ones (packet filtering, endpoint, malware sandbox, "comply to connect", ...) but we should also do the more esoteric ones to get them from "beyond our headlights" into "shining light on them". I'd be happy to be a co-editor on any/all of these, but hopefully others can help as well.

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/

From: TC OpenC2 <openc2@lists.oasis-open.org> on behalf of "duncan@sfractal.com" <duncan@sfractal.com>
Date: Monday, March 23, 2020 at 10:56 AM
To: Dave Lemire <dave.lemire@g2-inc.com>
Cc: TC OpenC2 <openc2@lists.oasis-open.org>
Subject: Re: [openc2] Groups - X.fgati uploaded

Might not have been best one to start with. Hopefully today's rdmase has more meat in it of relevance to OpenC2. If nothing else, they should spark thoughts on what they should have had in them.

Suggestions on improving the English would be welcome. Developing more concrete use cases (especially if used OpenC2) would also be welcome.

Back in the day most ITU recs were written in either French or English with some Japanese, but now the Chinese contribute more than everyone else combined, with Korea in second place. I consider us lucky we still meet and draft in English.

Some of the awkwardness is 2nd-language issues. Some is trying to do too much with too little effort - and therefore not doing good quality control. But some is compromised wording. I just was on a call that agreed to really horrible awkward title as a compromise (allowed both sides to have their way - so it's effectively meaningless to anyone not present. I made that point to no avail). "A camel is the compromise of a committee trying to design a horse". Outside eyes without baggage help - ie comments welcome.

I talked one group today into letting me put their work on github so we could track issues and do better change control. They are letting me try as an experiment. Hopefully that will catch on and make stuff like this easier in future. Of course that means I need to do the work to get it on github.

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/

From: Dave Lemire <dave.lemire@g2-inc.com>
Date: Monday, March 23, 2020 at 9:05 AM
To: "duncan@sfractal.com" <duncan@sfractal.com>
Cc: TC OpenC2 <openc2@lists.oasis-open.org>
Subject: Re: [openc2] Groups - X.fgati uploaded

I took the time to read this on Friday. It's relatively high level, so I don't see a lot of potential to extract use cases from it.

Also, based on the Chinese authors I presume this is English as a 2nd language, but it got me wondering if many ITU documents are as repetitive as this.

Dave

David Lemire, CISSP

Systems Engineer

HII Mission Driven Innovative Solutions (HII-MDIS) - formerly G2, Inc.

Technical Solutions Division

302 Sentinel Drive | Annapolis Junction, MD 20701

Email (effective 1 April 2020): david.lemire@hii-tsd.com

Work: 301-575-5190 | Mobile: 240-938-9350

On Fri, Mar 20, 2020 at 4:33 AM Duncan Sparrell <duncan@sfractal.com> wrote:

Submitter's message
This proposed ITU recommendation X.fgati "Framework and Guidelines for Applying Threat Intelligence in Telecom Network Operation" is from ITU SG17 mtg 3/2020. OC2 members should be pleased to note that our OpenC2 specs are referenced, included in the figure 7-1 as the interface to firewalls, ids, anti-ddos, etc. Of special interest, note the wording near the end of section 7 that states "Security command and control is recommended to use OASIS OpenC2 specifications". "is recommended" is less strong than "is required" but is still pretty good. It means OC2 is the preferred approach but you are allowed to use other interfaces. Members of OC2 TC may want to review this document for use cases we have not yet covered so we can further expand our language, actuator profiles, and transport specs to meet all needs.
-- Mr. Duncan Sparrell

Document Name: X.fgati


Description
A proposed ITU recommendation X.fgati "Framework and Guidelines for
Applying Threat Intelligence in Telecom Network Operation" from ITU SG17
mtg 3/2020


Submitter: Mr. Duncan Sparrell
Group: OASIS Open Command and Control (OpenC2) TC
Folder: Documents
Date submitted: 2020-03-20 01:33:29
