Subject: Specification of some possible interest to OpenC2 members (COEL)
My interest in OpenC2 is in its eventual application to the Internet of Things (IOT).
The IOT may contain an order of magnitude more devices than do “corporate networks”, and they may be scattered over wide areas. There is a much wider diversity of types of things. It may be operationally impossible to secure the IOT with typical Certificates. The IOT is beginning to make a far greater use of alternate networking architectures such as fabrics. Cyberattacks on the IOT are growing in number even as the diversity of systems increases.
Profiles so far look to telling a firewall (SLPF) to “hunker down” for a duration. I hope to someday be able to create profiles for Things. For now, I am listening and learning.
One of the IOT areas that is rapidly increasing is sensing and tracking of human activities. This runs headlong into both Privacy and Security. Some of you may know of the dangerous leaks of operational data in the Middle East that came from the FitBits of soldiers. Moves to customize and optimize medical treatments are beginning to rely on data similar to, and often much richer than, FitBit data. AI Apps for personal phones are becoming able to sense and accurately quantify Pain based on Gait and Acceleration.
One Specification at the heart of this is the OASIS Classification of Everyday Life (COEL). COEL looks to abstract detailed personal data and activity into information that can drive medical decision-making and be folded into anonymized research. In cartoon form, if step seven of a medical rehabilitation is dependent upon a return to a specific level of physical activity, then the patient who “goes to the gym” but mostly watches TV is not ready, and the patient who does not have time for the gym, but always takes the stairs at work, may be. COEL goes much deeper than that, and includes an entire taxonomy of personal activities that can be abstracted, privatized, and then compared for medical research, for life hacking, and for organizational optimization.
An interesting COEL-based app to consider is scheduling an international meeting at the right time to optimize alertness and attention based on biorhythm cycles (as detected by COEL devices) using one-time submissions of anonymized current data – the same app could be used for the opposite effect as well.
COEL 1.0 is a Committee Specification on the final home stretch to an OASIS standard, with an active poll outstanding for consent or not.
Just as in OpenC2, the push to get to a released 1.0 is just the first step. With 1.0 out, a wider swath of people will start to build software. With that software will come more informed comments and further development of the specification. But getting to 1.0 is a critical step, as many organizations will not build until it is attained.
If you are the voting member of OASIS for your organization, I urge you to look at this specification and give consent. If you are not, well, it may interest you anyway.