Abstract
The fact that cyber attacks are getting increasingly sophisticated and performed at machine speed motivated the development of OpenC2. This paper presents Open Command and Control (OpenC2), a suite of specifications that enable command and control of cyber defense systems and components at machine speed and in a manner that is agnostic of the underlying technologies utilized or of any other aspects of particular implementations. OpenC2 provides the means to introduce standardized interfaces to cyber defense systems, enabling interoperability and allowing seamless integration, communication, and operation between decoupled blocks that perform cyber defense functions. The suite of specifications includes a semantic language that enables machine-to-machine communication for purposes of command and control of cyber defense components, actuator profiles that specify the subset of the OpenC2 language and may extend it in the context of specific cyber defense functions, and transfer specifications that utilize existing protocols and standards to implement OpenC2 in particular environments. Fundamentally, OpenC2 addresses the acting part of the Integrated Adaptive Cyber Defense (IACD) framework and is designed to be technology agnostic, concise, abstract, and extensible. Ultimately, OpenC2 is a building block for enabling coordinated defense in cyber-relevant time, shifting traditional monolithic cyber response approaches to more granular, flexible, and adaptive ones.
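As an added illustration of what the abstract calls the OpenC2 language and actuator profiles (example code written for this page, not the paper's or the OASIS project's own), the following Python builds a "deny" command for the slpf (stateless packet filtering) actuator profile, checks its shape on the consumer side, and constructs the response. Field names follow the OpenC2 Language Specification v1.0; the IP addresses are constructed sample values and the validation rules are simplified assumptions, not the specification's full schema.

```python
import json

# Actions and target types from the OpenC2 Language Specification v1.0 that this
# constructed example uses; real implementations recognise more of each.
ACTIONS = {"query", "deny", "allow", "contain"}
TARGETS = {"features", "ipv4_net", "ipv4_connection", "domain_name"}


def build_deny_command(src_addr, dst_addr, dst_port, command_id):
    """Command asking a stateless packet filter (slpf profile) to block one flow."""
    return {
        "action": "deny",
        "target": {"ipv4_connection": {"src_addr": src_addr, "dst_addr": dst_addr,
                                       "dst_port": dst_port, "protocol": "tcp"}},
        "args": {"response_requested": "complete"},
        "actuator": {"slpf": {}},
        "command_id": command_id,
    }


def validate_command(cmd):
    """Return a list of problems; empty means the command is well formed."""
    problems = []
    if cmd.get("action") not in ACTIONS:
        problems.append("unknown or missing action")
    target = cmd.get("target")
    if not isinstance(target, dict) or len(target) != 1:
        problems.append("target must contain exactly one target type")
    elif next(iter(target)) not in TARGETS:
        problems.append("unknown target type")
    actuator = cmd.get("actuator")
    if actuator is not None and (not isinstance(actuator, dict) or len(actuator) != 1):
        problems.append("actuator must name exactly one profile")
    return problems


def build_response(cmd):
    """Consumer side: validate, then answer 200 (done) or 400 (bad request)."""
    problems = validate_command(cmd)
    if problems:
        return {"status": 400, "status_text": "; ".join(problems)}
    return {"status": 200, "status_text": "rule installed"}


if __name__ == "__main__":
    cmd = build_deny_command("203.0.113.10", "198.51.100.5", 443, "cmd-0001")
    print(json.dumps(cmd, indent=2))            # what the producer sends
    print(json.dumps(build_response(cmd)))      # what the consumer returns
```

The same producer-side JSON can be carried by any OpenC2 transfer specification (for example over HTTPS), which is the decoupling the abstract describes.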
Highlights
1.1 Motivation: Transitioning to an entirely interconnected world has introduced new challenges to securing our cyber systems, data, and underlying digital infrastructures
Extensive use of prose and limited utilization of existing taxonomies that undermine the queryability of the knowledge base and minimize interoperability and the ability to perform reasoning;
Barriers to overcome include little focus on dedicated ontological cyber threat intelligence efforts that can account for the strategic, operational, and tactical levels; ambiguity in ontology concepts that prevents ontology integration and adoption; extensive use of prose and limited utilization of existing taxonomies that undermine the queryability of the knowledge base and the ability to perform reasoning; lack of relationships between concepts that can support interpretation and explainability; and minimal use of ontology axioms and constructs that can be used for semantic consistency checking and information inference
Summary
1.1 Motivation
Transitioning to an entirely interconnected world has introduced new challenges to securing our cyber systems, data, and underlying digital infrastructures. Defenders are challenged by increased detection and response times due to insufficient threat situational awareness and lack of automation in their cyber operations. Juniper Research [33] reports that cybercrime will increase the cost of data breaches to $2.1 trillion globally by 2019, four times the estimated cost of breaches in 2015. To enhance their security posture, defenders recognized the need to better understand the threats their organization may face and started exchanging threat information, aiming for one organization's detection to become another's prevention. Cyber-attacks are increasingly sophisticated, posing significant challenges for organizations that must defend their data and systems from capable threat actors. The attack surface of cyber systems is relative to their complexity, functionality, and connectivity. Adversaries and their tactics, techniques, and procedures have become increasingly sophisticated and well-funded, and can operate at machine speed. As presented, available threat actor knowledge bases struggle to capture such formalisms, resulting in contextual loss and ambiguity.