Industry Insights: Shared Standards - OpenC2

Author: Joe Brule
September 2019

The need for Coordination of Attack Response at Internet Scale is hardly a contentious topic; however, discussions, strategies and efforts towards these ends have limited utility should the approaches fail to consider the following postulate:  ‘Internet Scale’ involves two attributes. 

  • Any information model must be widely understood and unambiguous (a semantic metric)

  • A cyber response must occur within cyber relevant time (a temporal metric)

Engineering strategies, design principles and approaches must support or at least be consistent with this postulate if we are to achieve coordinated response at scale.  We consider the following engineering principles to be consistent towards this goal.

  • Separation of Concerns:  Decouple the functional blocks within a cyber-defense system to the greatest extent practical.

  • Standards based Interfaces:  All inputs and outputs (i.e. the primitives) must be standards based.

  • All designs and implementations are public knowledge (an extension of Kerckhoff’s principle). 

Cyber systems are subject to a global threat from adversaries that are increasingly dynamic and operate at machine speed.  Modern cyber defense products tend to operate in isolation and often statically configured.  The use of statically configured point defenses against a global attack surface is not tenable.  Future systems need to a coordinated defenses operating in cyber relevant time. 

Creating coordinated cyber defense systems in the absence of standards is impractical. The integration of a suite of monolithic products may result in redundant cyber defense functions, incompatible functions and capability gaps. The functional blocks within a given product may be tightly coupled with other functions and the may not be directly accessible by way of an API.  Typically, integration efforts are expensive, require customized interfaces, and if tightly coupled, difficult to maintain or modernize.   

The Open Command and Control (OpenC2) effort is a technical committee within the OASIS International Standards Body.  The purpose of OpenC2 is to define a standardized language for command and control of cyber defense technologies and their first suite of specifications were released in July of 2019.