As we move past October's Cybersecurity Awareness Month, I would like to bring attention to one of the efforts SAIC sponsors and contributes to that is incredibly valuable to the cybersecurity community. This initiative is open to, and benefits, everyone in the community: cybersecurity product vendors, system integrators like SAIC, private-sector cyber operations practitioners, and customers, which for us include federal agencies with critical national security missions. The effort I'm referring to is called the Open Cybersecurity Alliance (OCA), and its goal is to make standards-based, interoperable cybersecurity a reality.
There's no question we have an interoperability problem
According to Forrester, security complexity is now the biggest challenge organizations face. And in an AttackIQ and Ponemon Institute survey, respondents reported that their organizations use an average of 47 different cybersecurity tools across their networks. All of these products must work together to provide an effective organization-wide defense, yet security analysts are left performing one-off, time-consuming, tailored integrations between them, all while cyber threats evolve rapidly across an expanding landscape.
These integration tasks become a major resource drain and undercut attempts to stay ahead of evolving threats and vulnerabilities. Far too often, we spend our time debating how to even classify cyber entities and actions, the nouns and verbs, instead of working together on the real problems that malicious actors create.
OCA was formed to address interoperability issues
Formed in 2019, OCA brings together organizations and individuals from around the globe to develop and promote sets of common code, patterns, and practices in order to enable cybersecurity tools to freely share data and communicate seamlessly. OCA is working on three projects that are contributing to this vision of an open cybersecurity ecosystem:
- STIX-Shifter, a library that translates STIX 2 patterns into native queries for a wide range of security data sources and returns the results as STIX objects, so that data from different domains is normalized for comprehensive security analysis
- OpenDXL Ontology, a common messaging ontology, built on the Open Data Exchange Layer (OpenDXL), for real-time data exchange and cross-vendor orchestration
- NIST SCAP v2, a data collection architecture that supports continuous posture and policy monitoring
These projects are moving the industry toward the goal of being able to "integrate once, reuse everywhere."