Cyber-attacks are increasing in terms of sophistication, speed and dynamics. Advanced cyber actors (and even script kiddies) are utilizing automation with adaptive tradecraft and these trends are likely to continue. To combat this we need to facilitate interoperability and integration by standardizing interfaces & protocols allowing more flexible and interoperable cyber defense components. OpenC2 is being created to standardize machine-to-machine command & control (C2) to enable cyber defense system interoperability at machine speeds. The author believes that there is an economic driver for adoption even prior to automated defense, ie that having a standard interface to perform security command & control avoids the vendor lock-in that results from today’s proprietary interfaces. The talk will begin with the problem openC2 is trying to solve, provide a review of openC2 and its use cases, and give the current status on standardization.
Duncan Sparrell is a seasoned (aka old) software developer and network security evangelist. He graduated back when computers were the size of buildings and programmed with punch cards. He is semi-retired and trying to give back to the community while pursuing his interests in cloud security, agile, secure software development, and erlang. Most of his cyber experience is blue team (defense) but he kick-started his cyber chops as part of a CNA (offense) team during first Gulf War. Besides having various certs (CSSIP, CSSLP, CCSK, PE), he was awarded the Intelligence Community Seal Medallion, and the AT&T Science and Technology Medal. His PGP fingerprint is “A870 5F67 00F9 D3FC ECD1 2D97 2A42 E870 6A4E EC12”, his twitter handle is @dsparrell, his peerlyst handle is sFractal, and his github handle is sparrell.