I’m always happy to talk about ontologies and also to happy to discuss the Cognitive Playbooks we use to capture the step by step workflow as well as reasoning and inference. If you think of an orchestrator action playbook as applying IF
THEN ELSE conditional statements and leveraging APIs to access different sensors and actuators for different actions, you can think of Cognitive Playbooks as applying IF THEN ELSE conditional statements, leveraging APIs, as well as being able to support Inference
via the inference engine (a core architectural piece of an expert system).
The ontologies really focus on integrated knowledge and applying an analysis methodology the DOD/IC call Object-Based Production to organize what is known. This use of knowledge representation then enabled a second analysis methodology
known as Activity-Based Intelligence that can be automated for monitoring the known knowns, researching the unknown-knowns, searching for the known-unknowns, and discovery of the unknown unknowns.
Again, always happy to discuss these topics so feel free to hit me up anytime.
Best,
Shawn
Shawn Riley
Chief Visionary Officer &
Technical Advisor to the CEO
DarkLight, Inc.
Email: shawn@darklight.ai
From: Considine, Toby <Toby.Considine@unc.edu>
Sent: Monday, April 29, 2019 8:55 AM
To: Shawn Riley <shawn.p.riley@darklight.ai>; openc2-lang@lists.oasis-open.org
Subject: RE: ISO 15926 for Cybersecurity
Superb!
I look forward to talking in person. Perhaps more than once.
tc
From: Shawn Riley <shawn.p.riley@darklight.ai>
Sent: Monday, April 29, 2019 10:11 AM
To: Considine, Toby <Toby.Considine@unc.edu>;
openc2-lang@lists.oasis-open.org
Subject: RE: ISO 15926 for Cybersecurity
At Integrated Cyber on May 2-3 I’ll be giving a joint presentation with R9B on Modern A.I. Expert Systems for Active Defense and explaining how the expert system uses W3C OWL2 (DL) standardized knowledge representation language to create
ontologies. We have ontologies to represent enterprise assets, sensor output, ontologies to represent the layers of cyber terrain, ontologies to represent the cyber effects matrix (CEM), ontologies for cyber dictionaries like CAPEC, CWE, and CVE, ontologies
for modeling threats like STIX v2, ODNI Cyber Threat Framework, and the NSA/CSS Technical Cyber Threat Framework. We also have ontologies that are being developed by the wider cybersecurity community such as the Unified Cyber Ontology and the Cyber-investigation
Analysis Standard _expression_ (developed by the DFIR community). We also have SWRL ontologies that encode human expert experience in reasoning that can be applied to any knowledge in the knowledge base such as rules for reasoning over STIX data, rules for reasoning
over the NSA/CSS Technical Cyber Threat Framework, rules for converting sensor observations to STIX, rules for reasoning over the layers of the cyber terrain, etc.
Happy to chat more about ontologies (knowledge representation and reasoning) and how we’re using them in the cyber domain. If you’re at Integrated Cyber this week we can chat in person, otherwise we can find a time to chat online.
Best,
Shawn
Shawn Riley
Chief Visionary Officer &
Technical Advisor to the CEO
DarkLight, Inc.
Email:
shawn@darklight.ai
From:
openc2-lang@lists.oasis-open.org <openc2-lang@lists.oasis-open.org>
On Behalf Of Considine, Toby
Sent: Monday, April 29, 2019 7:47 AM
To: openc2-lang@lists.oasis-open.org
Subject: [openc2-lang] ISO 15926 for Cybersecurity
ISO 15926 for Cybersecurity
In large industrial controls systems have worked on ontological management for some time. For example, large oil and gas systems have multi-business unit scale control systems that have interactions with each other that vary from sequencing
(interfering with an upstream process will shutdown later sates in processing) to competition for resources over time, to spatial (these things run through the same chase, so a fire in one will shut down control of the other) and many more.
These large systems have built ontological systems around the processes to manage inter-system interactions and vulnerabilities. (I’m thinking of ISO 15926). Are there similar developments in use to understand cybersecurity issues in large
processes and should this sort of issue be noted in a high level view of distributed cybersecurity?
tc
"A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away."
-Antoine de Saint-Exupery
|
Toby Considine Toby.Considine@gmail.com |
|
Chair, OASIS OBIX Technical Committee Chair, OASIS WS-Calendar Technical Committee Editor, OASIS Energy Market Information Exchange (EMIX) Editor, OASIS Energy Interoperation |