Elsevier

Computers & Security

Volume 97, October 2020, 101999
A nonproprietary language for the command and control of cyber defenses – OpenC2

https://doi.org/10.1016/j.cose.2020.101999
Under a Creative Commons license
open access

Abstract

Cyber attacks are becoming increasingly sophisticated and are performed at machine speed, which motivated the development of OpenC2. This paper presents Open Command and Control (OpenC2), a suite of specifications that enables command and control of cyber defense systems and components at machine speed and in a manner that is agnostic of the underlying technologies utilized or of any other aspects of particular implementations. OpenC2 provides the means to introduce standardized interfaces to cyber defense systems, enabling interoperability and allowing seamless integration, communication, and operation between decoupled blocks that perform cyber defense functions. The suite of specifications includes a semantic language that enables machine-to-machine communication for purposes of command and control of cyber defense components, actuator profiles that specify the subset of the OpenC2 language and may extend it in the context of specific cyber defense functions, and transfer specifications that utilize existing protocols and standards to implement OpenC2 in particular environments. Fundamentally, OpenC2 addresses the acting part of the Integrated Adaptive Cyber Defense (IACD) framework and is designed to be technology agnostic, concise, abstract, and extensible. Ultimately, OpenC2 is a building block for enabling coordinated defense in cyber-relevant time, shifting traditional monolithic cyber response approaches to more granular, flexible, and adaptive ones.

Keywords

OpenC2
Open command and control
Course of action
Security automation
Security orchestration
Active cyber defense
IACD
SOAR
Incident response
Cybersecurity

Vasileios Mavroeidis is a Research Scientist at the University of Oslo specializing in Cyber Threat Intelligence (CTI) and Security Orchestration, Automation, and Response (SOAR). Mr. Mavroeidis is engaged in multiple national and international-level research projects in CTI and Active Cyber Defense, and is also interested in standardization for cyber security. Currently, he is co-chairing the OASIS Threat Actor Context (TAC) Technical Committee, holds the secretariat of the OASIS Collaborative Automated Course of Action Operations (CACAO) for Cyber Security Technical Committee, and has contributed to the Open Command and Control (OpenC2) effort.

Joe Brule has been working with NSA since 1997 and has focused on the Information Assurance mission since 2003. Currently, Mr. Brule is a cyber-engineer in the Capabilities Directorate and is a co-chair for the OASIS OpenC2 Technical Committee. His previous experience includes mission assurance for satellite systems, COMSEC engineering for space systems, Executive Secretary for the National Space INFOSEC Steering Council, and contributor to System Threat Assessment Reports and Capstone Threat Assessments (satellite systems and the global information grid). Mr. Brule has also contributed to CNSS Policy Number 12 (Space IA Policy) and was the primary author of a CNSS Memorandum (TRANSEC for Space Systems).