OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Secu

  • 1.  OpenC2 Extension: HTML version missing figure

    Posted 10 days ago

    Anticipating that the OpenC2 Extension for CACAO will likely be discussed on today's call, I wanted to point out that Figure 2-1 is missing from the HTML version (which I am guessing was most convenient for many people to review). This figure shows how CACAO and OpenC2 define Producers and Consumers. I'm including it here for clarity / reference. 

    I have notified OASIS of this discrepancy so they can investigate the cause.


    ------------------------------
    David Lemire, CISSP
    HII / National Security Agency
    OpenC2 TC Secretary
    david.lemire@hii-tsd.com
    ------------------------------


  • 2.  RE: OpenC2 Extension: HTML version missing figure

    Posted 10 days ago

    Our CSD approval declared the Markdown version as authoritative. I will be using https://github.com/oasis-tcs/openc2-cacao-ext/blob/working/openc2-cacao-ext-v1.0.md as my reference for any discussions today. Sharing the link to provide a consistent reference for everyone participating.



    ------------------------------
    David Lemire, CISSP
    HII / National Security Agency
    OpenC2 TC Secretary
    david.lemire@hii-tsd.com
    ------------------------------



  • 3.  RE: OpenC2 Extension: HTML version missing figure

    Posted 10 days ago

    Thank you, Dave.

    I aim to review the proposal this week. I had an initial quick read, and I have the feeling that the proposal is solid. I also assume that the proposed changes regarding the transports, agents, and targets fully align with the OpenC2 specs on how the protocols must be used when transferring OpenC2 commands.

    -Vasileios



    ------------------------------
    Vasileios Mavroeidis
    Security Researcher
    University of Oslo
    +47 40347666
    ------------------------------



  • 4.  RE: OpenC2 Extension: HTML version missing figure

    Posted 10 days ago

    Thanks, Vasileios. Yes, the OpenC2 transports and CACAO agents are aligned (I'm the editor of both the HTTPS and MQTT Transfer specs, so deeply familiar with the requirements therein).

    The Extension proposes defining CACAO targets that align with OpenC2 Actuator Profiles (APs). I will admit to some uncertainty whether there's actual value to including that content in a CACAO playbook and am hoping for feedback on that particular. As OpenC2 APs don't alter how message transfers are accomplished, there's no actual connection between a CACAO Agent representing an OpenC2-compliant transfer capability and a CACAO Target identifying the OpenC2 profile expected to be executing the OpenC2 command. 



    ------------------------------
    David Lemire, CISSP
    HII / National Security Agency
    OpenC2 TC Secretary
    david.lemire@hii-tsd.com
    ------------------------------