OpenC2 will fill a critical gap in our standards landscape and drive interoperability that will be crucial for cyber defense.
September 05, 2017
Organizations and government agencies from Asia, Australia, Europe, and the U.S. are joining forces to advance a standardized language for cyber operations command and control. The work of the new OASIS OpenC2 Technical Committee enables defenders to respond to cyber-attacks in machine-speed. It also helps ensure greater interoperability among products.
Cyber threats are realized in seconds while human responses can take weeks. By providing a common language for machine-to-machine communication, OpenC2 makes it possible for defenders to conduct automated, coordinated, tactical threat responses more accurately and at speeds greater than those previously possible.
Most environments include hundreds of types of systems and devices. Without OpenC2, every device needs to be manually configured or sent commands in real time. This not only slows down incident response, it introduces the potential for human error. With OpenC2, defensive actions can be applied automatically to vulnerable devices in the environment.
“As cyber threats continue to proliferate and accelerate, the community needs foundational mechanisms for coordinating, exchanging, and executing defensive responses at machine speed,” said Neal Ziring, Technical Director, Capabilities Directorate, U.S. National Security Agency (NSA). “OpenC2 will fill a critical gap in our standards landscape and drive interoperability that will be crucial for cyber defense.”
OpenC2 is platform- and product-agnostic. It complements active cyber defense approaches. Using OpenC2, organizations can devise ways of preventing specific threats and share those methods with others in precise, machine-readable terms. Receiving organizations can apply the mitigation directly to their environments without concern about interoperability.
“Moving OpenC2 to the OASIS international standards body is a major milestone and has had a very positive impact on the effort,” said Joe Brule of the NSA, co-chair of the OASIS OpenC2 Technical Committee. “OpenC2 now has in excess of 100 members representing 54 organizations from industry, government, academia, the financial sector, power grid and other…