To OASIS Members:
A draft TC charter has been submitted to establish the OASIS Open Command and Control (OpenC2) Technical Committee. In accordance with the OASIS TC Process Policy section 2.2: (https://www.oasis-open.org/policies-guidelines/tc-process#formation
) the proposed charter is hereby submitted for comment. The comment period shall remain open until 23:59 UTC on 27 March 2017.
A telephone conference will be held among the Convener, the OASIS TC Administrator, and those proposers who wish to attend within four days of the close of the comment period. The announcement and call-in information will be noted on the OASIS Charter Discuss Group Calendar.
We encourage member comment and ask that you note the name of the proposed TC (OpenC2) in the subject line of your email message.
--- Charter ---
(1)(a)Name of the TC
OASIS Open Command and Control (OpenC2) Technical Committee.
(1)(b)Statement of Purpose
The fact that cyber-attacks are increasing in terms of sophistication, speed and dynamics of the attack steps is well documented. Advanced cyber actors are utilizing automation with adaptive tradecraft and these trends are likely to continue.
The traditional cyber security and response approach is through the use of monolithic systems that tightly couple the sensing, analytics, decision making and acting blocks of cyber-defense activities. Upgrading or modification of the functional blocks within the cyber-defenses is intensive, may impact the efficacy of the system as a whole and in many cases cannot be realized within cyber-relevant time. The traditional approach can lead to systems that are relatively static and are difficult to coordinate inter-domain responses to cyber-attacks.
Future defenses will require the integration of new functional blocks, coordination of responses between domains, synchronization of cyber defense mechanisms and automated actions to mitigate current and pending attacks within cyber relevant time. Key enablers for the realization of more responsive, flexible, product agnostic and interoperable cyber defense components include the standardization of interfaces and the adoption of standard protocols. This will facilitate interoperability and enable unambiguous machine to machine command and control messages.
The purpose of this technical committee is to create a standardized language for the command and control of technologies that provide or support cyber defenses.
(1)(c) Scope of Work
The technical committee will draft documents, specifications, lexicons or other artifacts to fulfill the needs of cyber security command and control in a standardized manner. The technical committee will leverage pre-existing standards to the greatest extent practical. Therefore identifying gaps pertaining to the command and control of technologies that provide or support cyber defenses is within the technical committee’s scope of work.
The technical committee will base its initial efforts on artifacts generated by the OpenC2 Forum. Prior to the creation of this TC, the OpenC2 Forum was a community of cyber-security stakeholders that was facilitated by the National Security Agency. The OpenC2 Forum drafted a language description document, actuator profiles and open source prototype implementations. Since its inception, the Forum intended to transition its efforts to a recognized standards body. This TC can leverage the pre-existing artifacts produced by the OpenC2 Forum to provide a foundation to base its development.
It is recognized that command and control of technologies is necessary but insufficient for cyber-security, therefore every effort will be made to ensure that artifacts produced will be done so in the context of being implementation agnostic and striving toward an architecture that decouples the functional blocks utilized by cyber-defense.
Other implementation aspects such as transport, authentication, key management, cyber-threat sharing, situational awareness and other services are being addressed by other efforts. The OpenC2 Forum may specify or otherwise leverage pre-existing standards to address external dependencies, identify implementation considerations etc., however the creation of additional standards for these aspects are beyond the scope of this technical committee.
This technical committee will collaborate with other technical communities to ensure consistency and avoid duplicative efforts. In particular, this committee will work closely with the OASIS Cyber Threat Intelligence Technical Committee (CTI TC). The OpenC2 Technical Committee will focus on the Acting or Response portion of cyber defense but recognizes that there are significant interactions with the functional blocks associated with sensing, analytics and decision making.
Within 18 months of its first, meeting, this TC expects to deliver the following:
* A Language Description Document (LDD). The LDD will define a lexicon, the actions, syntax, semantics and other general aspects of the language.
* Security Considerations Document (SCD). By design, OpenC2 strives to be as agnostic of the message fabric as practical and in and of itself does not provide Information Assurance. The SCD will identify IA concerns that implementers should be aware of and are not addressed by OpenC2.
* Implementation Considerations Document (ICD). By design, OpenC2 strives to be as agnostic of the message fabric as practical and matters other than the command itself are treated as external dependencies. The ICD will identify the transport and interface concerns that must be addressed.
* JSON Abstract Encoding Notation (JAEN). JAEN will provide a schema so that commands may be validated and ensure interoperability.
* OpenC2 JSON Schema. The OpenC2 JSON schema will facilitate the encoding and validation of commands for implementations that choose to use JSON encoding.
* Other to be determined artifacts agreed upon by the TC such as interoperability specifications, implementation guidelines, OpenC2 tutorials etc.
In addition to the identified deliverables, this TC shall maintain the following:
* Actuator Profile Subcommittees. The cyber defense industry is evolving and producing new products and solutions, therefore it is not pragmatic for the LDD to encompass all aspects of the cyber defense industry. An actuator profile will document the portions of the LDD that are mandatory to implement, optional to implement as well as define any specifiers and modifiers that are specific to a particular cyber defense function.
* Library of prototype implementations, sample commands, polyglot implementation and other artifacts as they pertain to the command and control of cyber defense technologies. This library will be maintained as an Open Repository of the TC.
* Language Description Document Subcommittee. The purpose of this committee is to act as a focal point to submit comments to the language description document. The subcommittee will track comments and ensure that the comments are presented to the TC for resolution.
* Implementation Considerations Subcommittee. The purpose of this subcommittee is to identify external dependencies and provide implementation guidance.
(1)(e) IPR Mode
This TC will operate under the Non-Assertion IPR mode as defined in Section 10.3 of the OASIS IPR Policy document.
The anticipated audience for this work includes:
* Vendors of products that execute tasks in order to investigate, mitigate and/or remediate cyber-attacks.
* Vendors of products that orchestrate coordinated responses by execution of a workflow.
* Organizations that architect and or integrate defenses for cyber domains.
* Academia or other stakeholders interested in the research, development and prototyping of cyber defense strategies, architectures and/or technologies.
TC business will be conducted in English. The output documents will be written in (US) English.
(2)(a) Identification Similar Work
The OpenC2 Forum was chartered in 2016 to address matters as they pertain to command and control of cyber defense technologies. The effort was appropriate for purposes of providing a forum for stakeholders to meet, propose, draft and resolve artifacts such as description documents, implementation considerations, prototype use case implementations and similar efforts however, the forum is not suitable for the creation of a recognized standard nor was it as deliberative as an OASIS Technical Committee. The proposed OASIS Technical Committee will continue and enhance the efforts of the OpenC2 Forum.
The approach taken by the OpenC2 Forum is unique in that it decouples the action, target and actuator which permits a relatively small number of defined actions to accommodate a large number of complete commands.
The Cyber-Threat Intelligence Technical Committee (CTI TC) is an OASIS Technical Committee that focuses on the modeling, analysis and sharing of cyber threat intelligence. The distinction between the proposed technical committee and the CTI TC is that the proposed TC will focus on the action in response to cyber threats which may be influenced, but not solely driven by, threat intelligence. These two efforts will complement each other in that the OpenC2 Technical Committee will be able to benefit from the threat intelligence sharing capabilities of the CTI TC. The proposed OASIS Technical Committee will liaison with the CTI TC to ensure compatibility, avoid duplication of efforts, and maintain separation of concerns.
The OpenC2 forum was unable to identify similar initiatives with the goal to standardize command and control at a similar level of abstraction, hence it is believed that this TC's work product is non-duplicative of any other standardization effort.
(2)(b) First TC Meeting
The General Dynamics Corporation, on behalf of the National Security Agency shall sponsor the first meeting of the OpenC2 Technical Committee. The kickoff will be a face to face meeting and electronic means will be provided to accommodate those who cannot attend in person. The meeting date and time will be provided in the Call for Participation.
(2)(c) Ongoing Meeting Schedule
For the 12 month period following the first meeting, the National Security Agency will host monthly teleconferences and webex meetings for the purpose of executing the business of the OpenC2 Technical Committee.
(2)(d) TC Proposers
The following OASIS members have identified themselves as being supportive of the proposal, are committed to the charter, and support the proposed schedule.
5. Patrick, Paul, FireEye, Paul.Patrick@FireEye.com
(2)(e) Primary Representatives’ Support
The following primary representatives have stated their support of the OpenC2 TC:
1. I, Bret Jordan, firstname.lastname@example.org
, as Symantec Corporation's Primary Representative to OASIS, confirm our support for the OASIS OpenC2 Technical Committee (OpenC2 TC) charter and the participation of our proposer.
2. I, Duncan Sparrell (email@example.com
) as sFractal Consulting’s Primary Representative to OASIS, confirm our support for the OASIS OpenC2 Technical Committee (OpenC2 TC) charter and my participation.
3. I, Allan Thomson, firstname.lastname@example.org
, as LookingGlass Cyber Solutions’ Primary Representative to OASIS, confirm our support for the OASIS OpenC2 Technical Committee (OpenC2 TC) charter and my participation.
4. I, Narendra Vad (email@example.com
) as a Primary representative from Cisco to OASIS confirm our support to OASIS Open C2 Technical committee (Open C2 TC) charter and participation of our co proposer from Cisco.
5. I, Trey Darley (firstname.lastname@example.org
), as Kingfisher Operations’ Primary Representative to OASIS, confirm our support for the OASIS OpenC2 Technical Committee (OpenC2 TC) charter and my participation.
6. I, Sourabh Satish (email@example.com
), as Phantom Cyber’s Primary Representative to OASIS, confirm our support for the OASIS OpenC2 Technical Committee (OpenC2 TC) charter and my participation.
7. I, Kent Landfield (firstname.lastname@example.org
), as Intel Corporation’s Primary Representative to OASIS, confirm our support for the OASIS OpenC2 Technical Committee (OpenC2 TC) charter and my participation.
8. I, Paul Patrick (Paul.Patrick@FireEye.com), as FireEye’s Primary Representative to OASIS, confirm our support for the OASIS OpenC2 Technical Committee (OpenC2 TC) charter and my participation.
9. I, Gunnar Peterson (email@example.com
), as Bank of America’s Primary Representative to OASIS, confirm our support for the OASIS OpenC2 Technical Committee (OpenC2 TC) charter and the participation of our co-proposer from Bank of America.
10. I, Daniel Riedel (firstname.lastname@example.org
), as New Context Services, Inc's Primary Representative to OASIS, confirm our support for the OASIS OpenC2 Technical Committee (OpenC2 TC) charter and the participation of our proposer listed above.
(2)(f) TC Convener
The convener of the TC will be Mr. Joseph Brule (email@example.com
) of the National Security Agency.
(2)(h) Anticipated Contributions (now in draft)
The OpenC2 TC anticipates the following contributions from the OpenC2 Forum:
OASIS, Director of Information Services