OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

openc2-lang message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Meeting Monday of the Language Committee

This is the first step of the transition to the new schedule of First Mondays of the month. This month we are on the second week because I was out of the country and many time zones away last week.

 

I am looking to finalize the agenda by early morning (to allow folks to get to work and send me a note). It looks like the erratum passed in my absence, so that is good.

 

If no one makes any suggestions, then I will turn to some of my own language concerns, which is how OpenC2 addresses some of the broader concerns of Operational Technology (OT).

 

You can find my concerns on the use-cases github (https://github.com/oasis-tcs/openc2-usecases) It may or may not be in the main project or in a branch with my name on it depending upon when you look.

 

A significant new area, I think, is some sort of queries to improve situation awareness within the cybersecurity realm. What would this look like?

 

One does not get far into OT w/o running into the issues of alarms/events. Some operational control protocols do not distinguish, and term every thing that happened (furnace turned on!) as an alarm. IF we choose to support alarms, then OpenC2 must offer firmer guidance than this.

 

A key issue is that OT often supports critical infrastructure. If I turn of your power, I do not have to take down your server. If I overheat your server room, your firewall and malware prevention will avail you little. Does OpenC2 need new language for this area?

 

Many control protocols are somewhat obscure, very low level, and essentially occult to the traditional IT world. Some years ago, I worked on an effort to make control protocols travel safely over enterprise networks. OASIS OBIX 1.1 is freely available and can be a quick introduction to how the communications of operational things is developing, if you are interested.  As a control language abstraction, it is not exactly the same as the underlying protocols, but it is at least a document easy to get to.

http://docs.oasis-open.org/obix/obix/v1.1/obix-v1.1.html

 

If you do not think that Situation Awareness and OT are the next challenges for the Language Subcommittee, what do you think we should consider next?

 

tc

 

 

 

 

 

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]