
Upcoming Events #cal-summary

oca-pgb@lists.oasis-open-projects.org Calendar <oca-pgb@...>
 

Open Cybersecurity Alliance Project Governing Board Upcoming Events

Walk through of IBM Project Kestrel (Threat Hunting Language) for OCA PGB

When:
Monday, 17 May 2021, 1:00pm to 2:00pm
(GMT-03:00) America/Halifax

Where:
+18445310958,,927997469 https://ibm.webex.com/meet/jason.keirstead Join by phone Access code: 927 997 469 United States of America Toll Free 1-844-531-0958 United States of America Toll +1-669-234-1178 United Kingdom Toll Free 0808-234-3612 Israel Toll Free 180-940-5356 Australia Toll Free 1-800-87-5043 International numbers: https://ibm.webex.com/cmp3200/webcomponents/widget/globalcallin/globalcallin.do?siteurl=ibm&serviceType=MC&ED=555779422&tollFree=1

Organizer: "Jason Keirstead/CanEast/IBM" Jason.Keirstead@...

Details:
Online meeting: https://ibm.webex.com/meet/jason.keirstead

As discussed in the last PGB Monthly call, IBM has been working on a major project for a universal threat hunting language that we would like to open source under the OCA.

This is a demo and Q&A of this project for the PGB. The goal of the demo is to allow PGB members to ask any questions they have so that we can bring this for a formal consideration ballot.

The demo will be recorded in case you can not attend.



OCA PGB Monthly Call

When:
Thursday, 3 June 2021, 1:00pm to 2:00pm
(GMT-03:00) America/Halifax

Where:
+18445310958,,927997469 https://ibm.webex.com/meet/jason.keirstead Join by phone Access code: 927 997 469 United States of America Toll Free 1-844-531-0958 United States of America Toll +1-669-234-1178 United Kingdom Toll Free 0808-234-3612 Israel Toll Free 180-940-5356 Australia Toll Free 1-800-87-5043 International numbers: https://ibm.webex.com/cmp3200/webcomponents/widget/globalcallin/globalcallin.do?siteurl=ibm&serviceType=MC&ED=555779422&tollFree=1

Organizer: "Jason Keirstead/CanEast/IBM" Jason.Keirstead@...

Details:
Online meeting: https://ibm.webex.com/meet/jason.keirstead

Setting up OCA PGB calls for 2021



Walk through of IBM Project Kestrel (Threat Hunting Language) for OCA PGB

Jason Keirstead
 

As discussed in the last PGB Monthly call, IBM has been working on a major project for a universal threat hunting language that we would like to open source under the OCA.

This is a demo and Q&A of this project for the PGB. The goal of the demo is to allow PGB members to ask any questions they have so that we can bring this for a formal consideration ballot.

The demo will be recorded in case you can not attend.


Architecture meeting material posted

Russell Warren
 


May 6 meeting minutes, recording and documents have been posted https://github.com/opencybersecurityalliance/documentation/wiki


Re: Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

sfractal
 

To Jason’s point, I’d give odds greater than zero. To arbitrarily change to something that exists (STIX, OpenC2) for something that doesn’t exist yet (eg if Ontology was to say OpenC2 should change ‘deny’ to ‘block’) would be low probability. But if STIX and OC2 had two words for same thing, then yes I think one of them (probably OpenC2 but depended on the details) would change. I don’t think the OC2/STIX is too likely to occur since several people put work into reviewing so it wouldn’t happen (but agree things could have been missed).

I think we all share the goal of one ontology. Personally (albeit limited view) I haven’t seen many conflicts among the existing OASIS specs. The issue is with what vendors that haven’t come round to the specs yet, and even that is slowly changing for the better.

iPhone, iTypo, iApologize

Duncan Sparrell
sFractal Consulting, LLC
I welcome VSRE emails. Learn more at http://vsre.info/


From: oca-pgb@... <oca-pgb@...> on behalf of Hare, Forrest B. via lists.oasis-open-projects.org <Forrest.B.Hare=saic.com@...>
Sent: Friday, May 7, 2021 2:59:54 PM
To: oca-pgb@... <oca-pgb@...>
Subject: Re: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday
 

Yeah.  Whatever Adam said.  That’s it!  ;)

 

From: oca-pgb@... <oca-pgb@...> On Behalf Of Adam Montville
Sent: Friday, May 7, 2021 2:54 PM
To: oca-pgb@...
Subject: Re: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

 

EXTERNAL EMAIL -- This message originates from outside of SAIC

Would it be fair to say that the ontological layer would provide normalization across all the different views of the world? That seems reasonably accurate and not as “intrusive” as the term subsume. Strictly speaking, XCCDF, OVAL, and the other SCAP constituent specifications all have their own information models that are then embodied by their syntactical specifications. I think what we want is for the OCA ontological layer to normalize that information for use in other subdomains.

 

Is this perspective off base?

 

Kind regards,

 

Adam



On May 7, 2021, at 12:50 PM, Hare, Forrest B. <Forrest.B.Hare@...> wrote:

 

Maybe “subsume” was a bad choice of words.  I guess that implies something going away.  I probably should have used a better term. 

 

 

From: oca-pgb@... <oca-pgb@...> On Behalf Of Hare, Forrest B.
Sent: Friday, May 7, 2021 1:45 PM
To: oca-pgb@...
Subject: Re: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

 


Knowledge model does not equal data model.  That is mixing apples and oranges.  It is common to do and one reason that data scientists have difficulty embracing ontologies while at the same time stressing that they are needed (like we heard with Kim and team from JHU). That is why I stressed that STIX, etc would keep their data elements and formats, etc.

 

In fact, the logical components of the existing frameworks would be what we build upon to generate the knowledge model (as you suggested).

 

From: oca-pgb@... <oca-pgb@...> On Behalf Of Jason Keirstead
Sent: Friday, May 7, 2021 1:35 PM
To: oca-pgb@...
Cc: oca-pgb@...
Subject: Re: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

 


We don't have any control over other already existing standards though (we could influence, but not control). The odds of STIX or OpenC2 or SCAP changing data model is... I would argue close to 0.

 

Instead a more workable approach is to try to use those already-existing domain models as the foundation for our model.

 

-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management
www.ibm.com/security

Co-Chair - Open Cybersecurity Alliance, Project Governing Board

 

 

----- Original message -----
From: "Hare, Forrest B." <Forrest.B.Hare@...>
Sent by: oca-pgb@...
To: "'oca-pgb@...'" <oca-pgb@...>
Cc:
Subject: [EXTERNAL] Re: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday
Date: Fri, May 7, 2021 2:31 PM
 

Russ,

 

I made a few comments on the latest draft of the document.  In general, I think it is coming along nicely.

 

My main comment, and I’m responding via e-mail to share it more broadly, is that I would see that the OCA Ontology would eventually subsume all the other language/protocol projects that have been done to date to further ensure their interoperability.  So STIX, OpenC2, SCAPv2, etc would all keep their data elements and message formats, but they would all speak the same language- the language of the OCA Ontology.  The end result would be a much more intuitive knowledge model that allows all cybersecurity SMEs, and non-SMEs communicate clearly with each other (in any form to include conversations) and with the computer.

 

At least that is my dream.  I’ll admit that didn’t work out too well for Esperanto.  But the one thing we have going for us is the machine-readable part.  The machines will force logic on us if we want them to work properly.  So we kind of have to do this if we ever want to get ahead of the upcoming phase of data paralysis that will ensue when we achieve full data integration without requisite automated sense-making.

 

Regards,

Forrest

 

From: oca-pgb@... <oca-pgb@...> On Behalf Of Russell Warren
Sent: Monday, May 3, 2021 1:01 PM
To: oca-architecture-wg@...; oca-pgb@...
Subject: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

 


Please review the current draft and comment prior to our call Thursday -->https://drive.google.com/file/d/18dr4-8N7VWGdaf2mA-F4rTq0OLZu9XEB/view?usp=sharing

Thank you
Russ

 

 



This communication (including any attachments) may contain information that is proprietary, confidential or exempt from disclosure. If you are not the intended recipient, please note that further dissemination, distribution, use or copying of this communication is strictly prohibited. Anyone who received this message in error should notify the sender immediately by telephone or by return email and delete it from his or her computer.

 

 

 

 





Re: Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

Hare, Forrest B.
 

Yeah.  Whatever Adam said.  That’s it!  ;)

 



Re: Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

Adam Montville
 

Would it be fair to say that the ontological layer would provide normalization across all the different views of the world? That seems reasonably accurate and not as “intrusive” as the term subsume. Strictly speaking, XCCDF, OVAL, and the other SCAP constituent specifications all have their own information models that are then embodied by their syntactical specifications. I think what we want is for the OCA ontological layer to normalize that information for use in other subdomains.

Is this perspective off base?

Kind regards,

Adam




Re: Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

Hare, Forrest B.
 

Maybe “subsume” was a bad choice of words.  I guess that implies something going away.  I probably should have used a better term. 

 

 



Re: Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

Hare, Forrest B.
 

Knowledge model does not equal data model.  That is mixing apples and oranges.  It is common to do and one reason that data scientists have difficulty embracing ontologies while at the same time stressing that they are needed (like we heard with Kim and team from JHU). That is why I stressed that STIX, etc would keep their data elements and formats, etc.

 

In fact, the logical components of the existing frameworks would be what we build upon to generate the knowledge model (as you suggested).

 

From: oca-pgb@... <oca-pgb@...> On Behalf Of Jason Keirstead
Sent: Friday, May 7, 2021 1:35 PM
To: oca-pgb@...
Cc: oca-pgb@...
Subject: Re: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

 

EXTERNAL EMAIL -- This message originates from outside of SAIC

We don't have any control over other already existing standards though (we could influence, but not control). The odds of STIX or OpenC2 or SCAP changing data model is... I would argue close to 0.

 

Instead a more workable approach is to try to use those already-existing domain models as the foundation for our model.

 

-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management
www.ibm.com/security

Co-Chair - Open Cybersecurity Alliance, Project Governing Board

 

 

----- Original message -----
From: "Hare, Forrest B." <Forrest.B.Hare@...>
Sent by: oca-pgb@...
To: "'oca-pgb@...'" <oca-pgb@...>
Cc:
Subject: [EXTERNAL] Re: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday
Date: Fri, May 7, 2021 2:31 PM
 

Russ,

 

I made a few comments on the latest draft of the document.  In general, I think it is coming along nicely.

 

My main comment, and I’m responding via e-mail to share it more broadly, is that I would see that the OCA Ontology would eventually subsume all the other language/protocol projects that have been done to date to further ensure their interoperability.  So STIX, OpenC2, SCAPv2, etc. would all keep their data elements and message formats, but they would all speak the same language: the language of the OCA Ontology.  The end result would be a much more intuitive knowledge model that allows all cybersecurity SMEs and non-SMEs to communicate clearly with each other (in any form to include conversations) and with the computer.

 

At least that is my dream.  I’ll admit that didn’t work out too well for Esperanto.  But the one thing we have going for us is the machine-readable part.  The machines will force logic on us if we want them to work properly.  So we kind of have to do this if we ever want to get ahead of the upcoming phase of data paralysis that will ensue when we achieve full data integration without requisite automated sense-making.

 

Regards,

Forrest

 

From: oca-pgb@... <oca-pgb@...> On Behalf Of Russell Warren
Sent: Monday, May 3, 2021 1:01 PM
To: oca-architecture-wg@...; oca-pgb@...
Subject: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

 


Please review the current draft and comment prior to our call Thursday --> https://drive.google.com/file/d/18dr4-8N7VWGdaf2mA-F4rTq0OLZu9XEB/view?usp=sharing

Thank you
Russ

 

 




 

 

 






Re: Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

Jason Keirstead
 

We don't have any control over other already existing standards though (we could influence, but not control). The odds of STIX or OpenC2 or SCAP changing data model is... I would argue close to 0.
 
Instead a more workable approach is to try to use those already-existing domain models as the foundation for our model.
 
-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management
www.ibm.com/security

Co-Chair - Open Cybersecurity Alliance, Project Governing Board
www.opencybersecurityalliance.org
 
 
 

----- Original message -----
From: "Hare, Forrest B." <Forrest.B.Hare@...>
Sent by: oca-pgb@...
To: "'oca-pgb@...'" <oca-pgb@...>
Cc:
Subject: [EXTERNAL] Re: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday
Date: Fri, May 7, 2021 2:31 PM
 

Russ,

 

I made a few comments on the latest draft of the document.  In general, I think it is coming along nicely.

 

My main comment, and I’m responding via e-mail to share it more broadly, is that I would see that the OCA Ontology would eventually subsume all the other language/protocol projects that have been done to date to further ensure their interoperability.  So STIX, OpenC2, SCAPv2, etc. would all keep their data elements and message formats, but they would all speak the same language: the language of the OCA Ontology.  The end result would be a much more intuitive knowledge model that allows all cybersecurity SMEs and non-SMEs to communicate clearly with each other (in any form to include conversations) and with the computer.

 

At least that is my dream.  I’ll admit that didn’t work out too well for Esperanto.  But the one thing we have going for us is the machine-readable part.  The machines will force logic on us if we want them to work properly.  So we kind of have to do this if we ever want to get ahead of the upcoming phase of data paralysis that will ensue when we achieve full data integration without requisite automated sense-making.

 

Regards,

Forrest

 

From: oca-pgb@... <oca-pgb@...> On Behalf Of Russell Warren
Sent: Monday, May 3, 2021 1:01 PM
To: oca-architecture-wg@...; oca-pgb@...
Subject: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

 


Please review the current draft and comment prior to our call Thursday --> https://drive.google.com/file/d/18dr4-8N7VWGdaf2mA-F4rTq0OLZu9XEB/view?usp=sharing

Thank you
Russ

 

 




 

 


Re: Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

Hare, Forrest B.
 

Russ,

 

I made a few comments on the latest draft of the document.  In general, I think it is coming along nicely.

 

My main comment, and I’m responding via e-mail to share it more broadly, is that I would see that the OCA Ontology would eventually subsume all the other language/protocol projects that have been done to date to further ensure their interoperability.  So STIX, OpenC2, SCAPv2, etc. would all keep their data elements and message formats, but they would all speak the same language: the language of the OCA Ontology.  The end result would be a much more intuitive knowledge model that allows all cybersecurity SMEs and non-SMEs to communicate clearly with each other (in any form to include conversations) and with the computer.

 

At least that is my dream.  I’ll admit that didn’t work out too well for Esperanto.  But the one thing we have going for us is the machine-readable part.  The machines will force logic on us if we want them to work properly.  So we kind of have to do this if we ever want to get ahead of the upcoming phase of data paralysis that will ensue when we achieve full data integration without requisite automated sense-making.

 

Regards,

Forrest

 

From: oca-pgb@... <oca-pgb@...> On Behalf Of Russell Warren
Sent: Monday, May 3, 2021 1:01 PM
To: oca-architecture-wg@...; oca-pgb@...
Subject: [oca-pgb] Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

 


Please review the current draft and comment prior to our call Thursday --> https://drive.google.com/file/d/18dr4-8N7VWGdaf2mA-F4rTq0OLZu9XEB/view?usp=sharing

Thank you
Russ






Contact details

Claudia Rauch
 

Hi everyone,

In addition to my very brief hello during yesterday's PGB call, I just wanted to let you know that you can reach out to me anytime via email or in the OCA Slack channel (@claudia).

Do let me know if you have any questions or suggestions.

Thanks,
Claudia

--

Claudia Rauch

Open Projects Program Manager

OASIS Open

   
Pronouns:
She/Her
Timezone:
GMT+2
Website:
www.oasis-open.org


Upcoming Events #cal-summary

oca-pgb@lists.oasis-open-projects.org Calendar <oca-pgb@...>
 

Open Cybersecurity Alliance Project Governing Board Upcoming Events

OCA PGB Monthly Call

When:
Thursday, 3 June 2021, 1:00pm to 2:00pm
(GMT-03:00) America/Halifax

Where:
+18445310958,,927997469 https://ibm.webex.com/meet/jason.keirstead Join by phone Access code: 927 997 469 United States of America Toll Free 1-844-531-0958 United States of America Toll +1-669-234-1178 United Kingdom Toll Free 0808-234-3612 Israel Toll Free 180-940-5356 Australia Toll Free 1-800-87-5043 International numbers: https://ibm.webex.com/cmp3200/webcomponents/widget/globalcallin/globalcallin.do?siteurl=ibm&serviceType=MC&ED=555779422&tollFree=1

Organizer: "Jason Keirstead/CanEast/IBM" Jason.Keirstead@...

Details:
Online meeting: https://ibm.webex.com/meet/jason.keirstead

Setting up OCA PGB calls for 2021



Cancelled Event: TSC Bi-Weekly Recurring Meeting #cal-cancelled

oca-pgb@lists.oasis-open-projects.org Calendar <noreply@...>
 

Cancelled: TSC Bi-Weekly Recurring Meeting

This event has been cancelled.

When:
Thursday, 11 February 2021
7:30am to 8:30am
(UTC-06:00) America/Chicago
Repeats: Every 2 weeks on Thursday, through Thursday, 9 December 2021

Where:
TBD - Email to be sent to TSC DL

Organizer: Mark Mastrangeli mark_mastrangeli@...

Description:
TSC Cadence Call - Recurring Every 2 weeks starting Feb 11, 2021 through December 9, 2021

________________________________________________________________________________

Microsoft Teams meeting

Join on your computer or mobile app

Click here to join the meeting

Or call in (audio only)

+1 832-844-5025,,359848527#   United States, Houston

Phone Conference ID: 359 848 527#


________________________________________________________________________________


Important: Today's PGB call will be delayed by 10+ minutes

Jason Keirstead
 

I have an unavoidable conflict that is currently scheduled to run until 12:10 EST, so will not be starting the call until 12:10.
 
-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management
www.ibm.com/security

Co-Chair - Open Cybersecurity Alliance, Project Governing Board
www.opencybersecurityalliance.org
 


TSC Bi-Weekly Recurring Meeting - Thu, 05/06/2021 #cal-notice

oca-pgb@lists.oasis-open-projects.org Calendar <noreply@...>
 

TSC Bi-Weekly Recurring Meeting

When:
Thursday, 6 May 2021
7:30am to 8:30am
(GMT-05:00) America/Chicago

Where:
TBD - Email to be sent to TSC DL

Organizer:
mark_mastrangeli@...

Description:
TSC Cadence Call - Recurring Every 2 weeks starting Feb 11, 2021 through December 9, 2021

________________________________________________________________________________

Microsoft Teams meeting

Join on your computer or mobile app

Click here to join the meeting

Or call in (audio only)

+1 832-844-5025,,359848527#   United States, Houston

Phone Conference ID: 359 848 527#


________________________________________________________________________________


TSC Bi-Weekly Recurring Meeting - Thu, 05/06/2021 7:30am-8:30am #cal-reminder

oca-pgb@lists.oasis-open-projects.org Calendar <oca-pgb@...>
 

Reminder: TSC Bi-Weekly Recurring Meeting

When: Thursday, 6 May 2021, 7:30am to 8:30am, (GMT-05:00) America/Chicago

Where: TBD - Email to be sent to TSC DL


Organizer: Mark Mastrangeli mark_mastrangeli@...

Description: TSC Cadence Call - Recurring Every 2 weeks starting Feb 11, 2021 through December 9, 2021

________________________________________________________________________________

Microsoft Teams meeting

Join on your computer or mobile app

Click here to join the meeting

Or call in (audio only)

+1 832-844-5025,,359848527#   United States, Houston

Phone Conference ID: 359 848 527#


________________________________________________________________________________


Agenda for May 6 PGB Meeting

Jason Keirstead
 

Hello everyone! Here is the proposed agenda for the PGB meeting tomorrow.
 
If anyone has any specific items they want to add to the agenda, as always please let me know. The call as usual will be recorded for YouTube. 
 
-
 
Marketing Update, Update on Borderless Cyber - Jane Harnad
Summary of IACD discussion and IoB Webinar, proposal for formation of IoB sharing working group - Jason Keirstead/Lordina Cherne
Brief overview of IBM Security "Kestrel" Project for OCA PGB - Jason Keirstead
Call for participation, Analyst Briefing material - Jason Keirstead
Update & challenges in Reference Architecture group - Russ Warren
 
 
 
-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management
www.ibm.com/security

Co-Chair - Open Cybersecurity Alliance, Project Governing Board
www.opencybersecurityalliance.org
 


Reminder - Please review and comment on Rev3 of our architecture document prior to our call Thursday

Russell Warren
 

Please review the current draft and comment prior to our call Thursday --> https://drive.google.com/file/d/18dr4-8N7VWGdaf2mA-F4rTq0OLZu9XEB/view?usp=sharing

Thank you
Russ


Upcoming Events #cal-summary

oca-pgb@lists.oasis-open-projects.org Calendar <oca-pgb@...>
 

Open Cybersecurity Alliance Project Governing Board Upcoming Events

TSC Bi-Weekly Recurring Meeting

When:
Thursday, 6 May 2021, 7:30am to 8:30am
(GMT-05:00) America/Chicago

Where:
TBD - Email to be sent to TSC DL

Organizer: Mark Mastrangeli mark_mastrangeli@...

Details:
TSC Cadence Call - Recurring Every 2 weeks starting Feb 11, 2021 through December 9, 2021

________________________________________________________________________________

Microsoft Teams meeting

Join on your computer or mobile app

Click here to join the meeting

Or call in (audio only)

+1 832-844-5025,,359848527#   United States, Houston

Phone Conference ID: 359 848 527#


________________________________________________________________________________



OCA PGB Monthly Call

When:
Thursday, 6 May 2021, 1:00pm to 2:00pm
(GMT-03:00) America/Halifax

Where:
+18445310958,,927997469 https://ibm.webex.com/meet/jason.keirstead Join by phone Access code: 927 997 469 United States of America Toll Free 1-844-531-0958 United States of America Toll +1-669-234-1178 United Kingdom Toll Free 0808-234-3612 Israel Toll Free 180-940-5356 Australia Toll Free 1-800-87-5043 International numbers: https://ibm.webex.com/cmp3200/webcomponents/widget/globalcallin/globalcallin.do?siteurl=ibm&serviceType=MC&ED=555779422&tollFree=1

Organizer: "Jason Keirstead/CanEast/IBM" Jason.Keirstead@...

Details:
Online meeting: https://ibm.webex.com/meet/jason.keirstead

Setting up OCA PGB calls for 2021



TSC Bi-Weekly Recurring Meeting

When:
Thursday, 20 May 2021, 7:30am to 8:30am
(GMT-05:00) America/Chicago

Where:
TBD - Email to be sent to TSC DL

Organizer: Mark Mastrangeli mark_mastrangeli@...

Details:
TSC Cadence Call - Recurring Every 2 weeks starting Feb 11, 2021 through December 9, 2021

________________________________________________________________________________

Microsoft Teams meeting

Join on your computer or mobile app

Click here to join the meeting

Or call in (audio only)

+1 832-844-5025,,359848527#   United States, Houston

Phone Conference ID: 359 848 527#


________________________________________________________________________________
