OASIS Threat Actor Context (TAC) TC

 View Only
  • 1.  TAC at the Cybersecurity Automation Village in April

    Posted 02-07-2024 00:51




    Would someone from TAC (Ryan?) be willing to be the TAC lead for the upcoming Cybersecurity Automation Village in April what you are calling the plugfest?
     
    The plan is to attempt to have those with sweat equity (ie something to show and talk about that ties the use cases and projects together from a vendor/os-project/TC/whatever viewpoint) ready by the prep2 on March 5.

    https://github.com/opencybersecurityalliance/casp/blob/main/Plugfests/2024-03-NorthernVirginia/Prep2/README.md is what we have so far and you ll note it s light on TAC (ie no lead, and so far only one org UiO agreeing to participating wrt TAC).

     
    Let me know who to put as lead for TAC (as I don t have time to herd TAC cats I m just trying to herd the leads of the projects) and ideally add a few more orgs to the TAC sweat equity list as well as tweaking the Value Propositions
    to show TAC value, and adding some TAC-practitioner-use-cases with some sample TAC data.
     


    -- 
    Duncan Sparrell
    sFractal Consulting
    iPhone, iTypo, iApologize
    I welcome VSRE emails. Learn more at  http://vsre.info /


     
     





     
    Summary
     
    The OASIS TAC-TC (Threat Actor Context Technical Committee) Monthly Meeting held in January 2024 focused on advancing cybersecurity standards and practices. The meeting brought together representatives from
    diverse sectors including telecommunications (AT&T), banking (ANZ Banking Group), cybersecurity (CTIN), academia (University of Oslo), and law enforcement (US FBI), reflecting the interdisciplinary approach necessary for tackling modern cybersecurity challenges.
     
    Key Topics Discussed:
     
    STIX Ontology Progress : The committee reviewed the development of the STIX (Structured Threat Information _expression_) ontology, which
    is pivotal for standardizing the representation and exchange of cybersecurity threat information. This ontology facilitates the automation and integration of threat data across different systems and platforms, enhancing the overall efficiency of cybersecurity
    measures.
     
    Cybersecurity Automation for Plugfest Event : Preparations for the upcoming cybersecurity automation 'plugfest' event were discussed. This
    event aims to test and demonstrate the interoperability of cybersecurity tools and technologies, ensuring that they can work seamlessly together to detect, mitigate, and prevent cyber threats. The plugfest represents a practical application of the committee's
    work, showcasing advancements in automation that can streamline cybersecurity operations.
     
    Integration of Threat Actor Context Ontology : The meeting emphasized the importance of integrating the threat actor context ontology into
    cybersecurity practices. This ontology is designed to provide a more nuanced understanding of threat actors, including their motives, tactics, and behaviors. By incorporating this context, cybersecurity professionals can better predict and counteract the actions
    of potential threat actors, leading to more effective defense strategies.
     
    Action Items:
     
    Preparation for the Cybersecurity Automation Village Plugfest : Committee members were tasked with finalizing the preparations for the
    plugfest event. This includes ensuring the interoperability of participating technologies, setting up demonstration scenarios, and coordinating with participants to highlight advancements in cybersecurity automation.
     
    Further Development and Integration of Ontologies : The committee is to continue its work on developing and refining the STIX ontology
    and the threat actor context ontology. This involves addressing any identified gaps, enhancing the ontologies' capabilities for detailed threat representation, and integrating them into cybersecurity tools and practices.
     
    Improvement of Interoperability and Automation Capabilities : An ongoing action item is the enhancement of interoperability between different
    cybersecurity systems and the automation of threat detection and response processes. This effort is crucial for keeping pace with the rapidly evolving cyber threat landscape and ensuring that cybersecurity measures are as efficient and effective as possible.
     
    The OASIS TAC-TC Monthly Meeting underscored the critical role of collaboration across sectors in advancing cybersecurity standards and practices. By focusing on the development of ontologies and the practical
    demonstration of cybersecurity automation, the committee is working to create a more secure and resilient digital environment.
     








    Patrick Maroney     Principal
    Cybersecurity AT&T Services, Inc.
    Threat Analytics
    e:   patrick.maroney@att.com     p:   732.615.5287  





     

     
     



    From:
    MARONEY, PATRICK
    <rx118r@att.com>
    Date: Tuesday, February 6, 2024 at 3:44 PM
    To: JG @ OASIS <jg@ctin.us> ,
    tac@lists.oasis-open.org <tac@lists.oasis-open.org>
    Subject: Re: [tac] TAC TC Meeting Notes


    Re:  the AI generated Transcript . Interesting.  Definitely requires some post-facto editing/curating but very interesting nonetheless!  Especially for overworked TC Secretaries.  Might be interesting
    to see it taken to the next level (i.e., Summarize the Transcript to identify key concepts, action items .
     








    Patrick Maroney     Principal
    Cybersecurity AT&T Services, Inc.
    Threat Analytics
    e:   patrick.maroney@att.com     p:   732.615.5287  





     

     
     



    From:
    tac@lists.oasis-open.org
    <tac@lists.oasis-open.org> on behalf of JG @ OASIS
    <jg@ctin.us>
    Date: Tuesday, February 6, 2024 at 3:36 PM
    To: tac@lists.oasis-open.org
    <tac@lists.oasis-open.org>
    Subject: [tac] TAC TC Meeting Notes


    TAC TC: Attached are the meeting notes from the session earlier today.   Note that I have embedded the AI generated Transcript.   It is very rough, but, in the interest of time, I wanted to get
    these out to the broader group. -- ***************************

    TAC TC:
    Attached are the meeting notes from the session earlier today.  Note that I have embedded the AI generated Transcript.  It is very rough, but, in the interest of time, I wanted to get these out to the broader group.
    --
    ***************************
    R. Jane Ginn, MSIA, MRP
    Secretary, TAC-TC
    Secretary, OCA CASP
    OASIS
    jg@ctin.us
    +1(480) 646-7837
    ***************************
















  • 2.  RE: [tac] TAC at the Cybersecurity Automation Village in April

    Posted 02-08-2024 21:07
    Duncan, I would be happy to be the TAC lead for the Cybersecurity Automation Village. We are converging on calling it: Cybersecurity Automation Village Plugfest, or simply Plugfest   I can not directly edit the README.md as I am not a maintainer. How would you like me to proceed? Fork and Pull Request? Please advise.   I strive to be an easy cat to herd.     Cheers, Ryan   From: tac@lists.oasis-open.org <tac@lists.oasis-open.org> On Behalf Of duncan sfractal.com Sent: Tuesday, February 6, 2024 4:51 PM To: tac@lists.oasis-open.org Subject: [tac] TAC at the Cybersecurity Automation Village in April   Would someone from TAC (Ryan?) be willing to be the TAC lead for the upcoming Cybersecurity Automation Village in April what you are calling the plugfest?   The plan is to attempt to have those with sweat equity (ie something to show and talk about that ties the use cases and projects together from a vendor/os-project/TC/whatever viewpoint) ready by the prep2 on March 5. https://github.com/opencybersecurityalliance/casp/blob/main/Plugfests/2024-03-NorthernVirginia/Prep2/README.md is what we have so far and you ll note it s light on TAC (ie no lead, and so far only one org UiO agreeing to participating wrt TAC).   Let me know who to put as lead for TAC (as I don t have time to herd TAC cats I m just trying to herd the leads of the projects) and ideally add a few more orgs to the TAC sweat equity list as well as tweaking the Value Propositions to show TAC value, and adding some TAC-practitioner-use-cases with some sample TAC data.   --  Duncan Sparrell sFractal Consulting iPhone, iTypo, iApologize I welcome VSRE emails. Learn more at  http://vsre.info /       Summary   The OASIS TAC-TC (Threat Actor Context Technical Committee) Monthly Meeting held in January 2024 focused on advancing cybersecurity standards and practices. The meeting brought together representatives from diverse sectors including telecommunications (AT&T), banking (ANZ Banking Group), cybersecurity (CTIN), academia (University of Oslo), and law enforcement (US FBI), reflecting the interdisciplinary approach necessary for tackling modern cybersecurity challenges.   Key Topics Discussed:   STIX Ontology Progress : The committee reviewed the development of the STIX (Structured Threat Information _expression_) ontology, which is pivotal for standardizing the representation and exchange of cybersecurity threat information. This ontology facilitates the automation and integration of threat data across different systems and platforms, enhancing the overall efficiency of cybersecurity measures.   Cybersecurity Automation for Plugfest Event : Preparations for the upcoming cybersecurity automation 'plugfest' event were discussed. This event aims to test and demonstrate the interoperability of cybersecurity tools and technologies, ensuring that they can work seamlessly together to detect, mitigate, and prevent cyber threats. The plugfest represents a practical application of the committee's work, showcasing advancements in automation that can streamline cybersecurity operations.   Integration of Threat Actor Context Ontology : The meeting emphasized the importance of integrating the threat actor context ontology into cybersecurity practices. This ontology is designed to provide a more nuanced understanding of threat actors, including their motives, tactics, and behaviors. By incorporating this context, cybersecurity professionals can better predict and counteract the actions of potential threat actors, leading to more effective defense strategies.   Action Items:   Preparation for the Cybersecurity Automation Village Plugfest : Committee members were tasked with finalizing the preparations for the plugfest event. This includes ensuring the interoperability of participating technologies, setting up demonstration scenarios, and coordinating with participants to highlight advancements in cybersecurity automation.   Further Development and Integration of Ontologies : The committee is to continue its work on developing and refining the STIX ontology and the threat actor context ontology. This involves addressing any identified gaps, enhancing the ontologies' capabilities for detailed threat representation, and integrating them into cybersecurity tools and practices.   Improvement of Interoperability and Automation Capabilities : An ongoing action item is the enhancement of interoperability between different cybersecurity systems and the automation of threat detection and response processes. This effort is crucial for keeping pace with the rapidly evolving cyber threat landscape and ensuring that cybersecurity measures are as efficient and effective as possible.   The OASIS TAC-TC Monthly Meeting underscored the critical role of collaboration across sectors in advancing cybersecurity standards and practices. By focusing on the development of ontologies and the practical demonstration of cybersecurity automation, the committee is working to create a more secure and resilient digital environment.   Patrick Maroney     Principal Cybersecurity AT&T Services, Inc. Threat Analytics e:   patrick.maroney@att.com     p:   732.615.5287         From: MARONEY, PATRICK <rx118r@att.com> Date: Tuesday, February 6, 2024 at 3:44 PM To: JG @ OASIS <jg@ctin.us> , tac@lists.oasis-open.org <tac@lists.oasis-open.org> Subject: Re: [tac] TAC TC Meeting Notes Re:  the AI generated Transcript . Interesting.  Definitely requires some post-facto editing/curating but very interesting nonetheless!  Especially for overworked TC Secretaries.  Might be interesting to see it taken to the next level (i.e., Summarize the Transcript to identify key concepts, action items .   Patrick Maroney     Principal Cybersecurity AT&T Services, Inc. Threat Analytics e:   patrick.maroney@att.com     p:   732.615.5287         From: tac@lists.oasis-open.org <tac@lists.oasis-open.org> on behalf of JG @ OASIS <jg@ctin.us> Date: Tuesday, February 6, 2024 at 3:36 PM To: tac@lists.oasis-open.org <tac@lists.oasis-open.org> Subject: [tac] TAC TC Meeting Notes TAC TC: Attached are the meeting notes from the session earlier today.   Note that I have embedded the AI generated Transcript.   It is very rough, but, in the interest of time, I wanted to get these out to the broader group. -- *************************** TAC TC: Attached are the meeting notes from the session earlier today.  Note that I have embedded the AI generated Transcript.  It is very rough, but, in the interest of time, I wanted to get these out to the broader group. -- *************************** R. Jane Ginn, MSIA, MRP Secretary, TAC-TC Secretary, OCA CASP OASIS jg@ctin.us +1(480) 646-7837 ***************************


  • 3.  Re: [tac] TAC at the Cybersecurity Automation Village in April

    Posted 02-08-2024 22:06




    Great. Thank you!
     
    Wrt to contribs yes please fork and make a pull request and if I don t merge it right away (I get zillions of github emails), email me directly (I read emails from people, less so from github) and I ll merge.
     
    I went ahead and added you as lead on TAC on

    https://github.com/sparrell/casp/blob/main/Plugfests/2024-03-NorthernVirginia/Prep2/README.md but feel free to


    recruit some more orgs (including your own?) to add on that list (just UiO at moment),
    recruit people to add in some TAC practitioner use cases to show how TAC fits into WitchyWashy and/or into Olympic Destroyer or add in new Value Props
    if that helps show off TAC better recruit people to help create some TAC training Q&A for the QuadBlockQuiz game (my baby so happy to talk sometime if you want basically some questions
    written in a way to include the answer with the purpose to teach people the value of your project). It s been used at RSAC several times, at BSides, and at corporate events and I m adapting it for the village to show off the Village projects. think about your (doesn t have to be you, but you get first dibs. And if it isn t you, then you do have to recruit someone else to do it) presentation
    at Village on TAC. Note the opening session will explain the use cases (value/practioner/demos) and explain the next couple sections the first of which will be x minutes per project (ie TAC is a project) explaining what the project is and how it fits into
    the Value Prop and Practitioner use cases ideally listing where TAC shows up in the third section which is each company/agency (or combos of them when multiple interwork) gets y minutes to talk about their demo (demo may be all had waving but ideally has
    actual data and even more ideally has that data moving between orgs). Note x and y will probably be shorter than anyone wants because we have a lot of projects and we have a lot of company/agencies wanting to show stuff off. The intent is to have a good handle on previous bullet by prep2 on March 5 so we can finalize agenda. The intent is to have all demos ideally working by 3/5 but definitively working by 4/10 (ie the halfday dryrun the day before the Village)
     
    Wrt what to call it I consider a village to be a plugfest (ie things talking to each other), workshop (ie talks and discussion), and hackathon (ie writing new code on the fly to interwork with other stuff)
    all in one. And for marketing reasons, I think Village has a better connotation (because that is what Defcon, RSAC, BSides, etc all call them) than plugfest for the execs we want to impress.

     


    -- 
    Duncan Sparrell
    sFractal Consulting
    iPhone, iTypo, iApologize
    I welcome VSRE emails. Learn more at  http://vsre.info /


     
     



    From:
    tac@lists.oasis-open.org <tac@lists.oasis-open.org> on behalf of reh@ctin.us <reh@ctin.us>
    Date: Thursday, February 8, 2024 at 4:06 PM
    To: duncan sfractal.com <duncan@sfractal.com>, tac@lists.oasis-open.org <tac@lists.oasis-open.org>
    Subject: RE: [tac] TAC at the Cybersecurity Automation Village in April


    Duncan,
    I would be happy to be the TAC lead for the Cybersecurity Automation Village.
    We are converging on calling it: Cybersecurity Automation Village Plugfest, or simply Plugfest
     
    I can not directly edit the README.md as I am not a maintainer.

    How would you like me to proceed? Fork and Pull Request?
    Please advise.
     
    I strive to be an easy cat to herd.
     
     
    Cheers,
    Ryan
     


    From: tac@lists.oasis-open.org <tac@lists.oasis-open.org>
    On Behalf Of duncan sfractal.com
    Sent: Tuesday, February 6, 2024 4:51 PM
    To: tac@lists.oasis-open.org
    Subject: [tac] TAC at the Cybersecurity Automation Village in April


     
    Would someone from TAC (Ryan?) be willing to be the TAC lead for the upcoming Cybersecurity Automation Village in April what you are calling the plugfest?
     
    The plan is to attempt to have those with sweat equity (ie something to show and talk about that ties the use cases and projects together from a vendor/os-project/TC/whatever viewpoint) ready by the prep2
    on March 5.
    https://github.com/opencybersecurityalliance/casp/blob/main/Plugfests/2024-03-NorthernVirginia/Prep2/README.md is what we have so far and you ll note it s light on TAC (ie no lead, and so far only one org UiO agreeing to participating wrt TAC).

     
    Let me know who to put as lead for TAC (as I don t have time to herd TAC cats I m just trying to herd the leads of the projects) and ideally add a few more orgs to the TAC sweat equity list as well as tweaking
    the Value Propositions to show TAC value, and adding some TAC-practitioner-use-cases with some sample TAC data.
     


    -- 
    Duncan Sparrell
    sFractal Consulting
    iPhone, iTypo, iApologize
    I welcome VSRE emails. Learn more at  http://vsre.info /


     
     





     
    Summary
     
    The OASIS TAC-TC (Threat Actor Context Technical Committee) Monthly Meeting held in January 2024 focused on advancing cybersecurity standards and practices. The meeting brought together representatives from
    diverse sectors including telecommunications (AT&T), banking (ANZ Banking Group), cybersecurity (CTIN), academia (University of Oslo), and law enforcement (US FBI), reflecting the interdisciplinary approach necessary for tackling modern cybersecurity challenges.
     
    Key Topics Discussed:
     
    STIX Ontology Progress : The committee reviewed the development of the STIX (Structured Threat Information _expression_) ontology, which
    is pivotal for standardizing the representation and exchange of cybersecurity threat information. This ontology facilitates the automation and integration of threat data across different systems and platforms, enhancing the overall efficiency of cybersecurity
    measures.
     
    Cybersecurity Automation for Plugfest Event : Preparations for the upcoming cybersecurity automation 'plugfest' event were discussed. This
    event aims to test and demonstrate the interoperability of cybersecurity tools and technologies, ensuring that they can work seamlessly together to detect, mitigate, and prevent cyber threats. The plugfest represents a practical application of the committee's
    work, showcasing advancements in automation that can streamline cybersecurity operations.
     
    Integration of Threat Actor Context Ontology : The meeting emphasized the importance of integrating the threat actor context ontology into
    cybersecurity practices. This ontology is designed to provide a more nuanced understanding of threat actors, including their motives, tactics, and behaviors. By incorporating this context, cybersecurity professionals can better predict and counteract the actions
    of potential threat actors, leading to more effective defense strategies.
     
    Action Items:
     
    Preparation for the Cybersecurity Automation Village Plugfest : Committee members were tasked with finalizing the preparations for the
    plugfest event. This includes ensuring the interoperability of participating technologies, setting up demonstration scenarios, and coordinating with participants to highlight advancements in cybersecurity automation.
     
    Further Development and Integration of Ontologies : The committee is to continue its work on developing and refining the STIX ontology
    and the threat actor context ontology. This involves addressing any identified gaps, enhancing the ontologies' capabilities for detailed threat representation, and integrating them into cybersecurity tools and practices.
     
    Improvement of Interoperability and Automation Capabilities : An ongoing action item is the enhancement of interoperability between different
    cybersecurity systems and the automation of threat detection and response processes. This effort is crucial for keeping pace with the rapidly evolving cyber threat landscape and ensuring that cybersecurity measures are as efficient and effective as possible.
     
    The OASIS TAC-TC Monthly Meeting underscored the critical role of collaboration across sectors in advancing cybersecurity standards and practices. By focusing on the development of ontologies and the practical
    demonstration of cybersecurity automation, the committee is working to create a more secure and resilient digital environment.
     








    Patrick Maroney     Principal
    Cybersecurity AT&T Services, Inc.
    Threat Analytics
    e:   patrick.maroney@att.com     p:   732.615.5287  





     

     
     



    From:
    MARONEY, PATRICK
    <rx118r@att.com>
    Date: Tuesday, February 6, 2024 at 3:44 PM
    To: JG @ OASIS <jg@ctin.us> ,
    tac@lists.oasis-open.org
    <tac@lists.oasis-open.org>
    Subject: Re: [tac] TAC TC Meeting Notes


    Re:  the AI generated Transcript . Interesting.  Definitely requires some post-facto editing/curating but very interesting nonetheless!  Especially for overworked TC Secretaries.  Might be interesting
    to see it taken to the next level (i.e., Summarize the Transcript to identify key concepts, action items .
     








    Patrick Maroney     Principal
    Cybersecurity AT&T Services, Inc.
    Threat Analytics
    e:   patrick.maroney@att.com     p:   732.615.5287  





     

     
     



    From:
    tac@lists.oasis-open.org
    <tac@lists.oasis-open.org> on behalf of JG @ OASIS
    <jg@ctin.us>
    Date: Tuesday, February 6, 2024 at 3:36 PM
    To: tac@lists.oasis-open.org
    <tac@lists.oasis-open.org>
    Subject: [tac] TAC TC Meeting Notes


    TAC TC: Attached are the meeting notes from the session earlier today.   Note that I have embedded the AI generated Transcript.   It is very rough, but, in the interest of time, I wanted to get
    these out to the broader group. -- ***************************

    TAC TC:
    Attached are the meeting notes from the session earlier today.  Note that I have embedded the AI generated Transcript.  It is very rough, but, in the interest of time, I wanted to get these out to the broader group.
    --
    ***************************
    R. Jane Ginn, MSIA, MRP
    Secretary, TAC-TC
    Secretary, OCA CASP
    OASIS
    jg@ctin.us
    +1(480) 646-7837
    ***************************