Standards-Driven Cybersecurity Ecosystems Benefit National Security

Standards-Driven Cybersecurity Ecosystems Benefit National Security

SAIC works with the Open Cybersecurity Alliance to further enable products and tools to share data and communicate seamlessly and rapidly

Forrest Hare

As we move past October’s Cybersecurity Awareness Month, I would like to bring attention to one of the efforts SAIC sponsors and contributes to that is incredibly valuable to the cybersecurity community. This initiative is open to and benefits everyone in the community: cybersecurity product vendors, system integrators like SAIC, private-sector cyber operations practitioners, and customers, which for us, include federal agencies with critical national security missions. The effort I’m referring to is called the Open Cybersecurity Alliance (OCA), and its goal is to make standards-based, interoperable cybersecurity a reality.

There's no question we have an interoperability problem

According to Forrester, security complexity is now the biggest challenge organizations face. And, in an AttackIQ and Ponemon Institute survey, respondents indicate that organizations use an average of 47 different cybersecurity tools across their networks. All of these cybersecurity products must work together in order to provide an effective organization-wide defense. But security analysts are tasked with performing one-off, time-consuming, tailored integrations; all the while, cyber threats are rapidly evolving in an expanding landscape.

These integration tasks become a major resource drain, greatly impacting attempts to stay ahead of the evolving threats and vulnerabilities. Far too often, we spend time talking about how we even classify cyber entities and actions, the nouns and verbs, as opposed to working together to solve the real problems that malicious actors create.

OCA was formed to address interoperability issues

Formed in 2019, OCA brings together organizations and individuals from around the globe to develop and promote sets of common code, patterns, and practices in order to enable cybersecurity tools to freely share data and communicate seamlessly. OCA is working on three projects that are contributing to this vision of an open cybersecurity ecosystem:

  • STIX-Shifter, a patterning library that normalizes data across domains for comprehensive security analysis
  • OpenDXL Ontology, a messaging format for real-time data exchange and cross-vendor orchestration
  • NIST SCAP v2, a data collection architecture that supports continuous policy monitoring.

These projects are moving the industry forward to the goal of being able to “integrate once, reuse everywhere.”


Organizations use an average of 47 different cybersecurity tools. We are excited to participate in OCA to tackle integration challenges.

We at SAIC experience firsthand the interoperability issue...

…and how it impedes effective implementation of cybersecurity solutions, and we believe it requires the entire community to work together to achieve better results. Therefore, SAIC sponsors OCA, works with like-minded colleagues in the alliance's systems integrator working group, and helps guide the projects as a member of the governing project board.

An important part of SAIC’s mission is ensuring our customers' cybersecurity. As a systems integrator, we are uniquely positioned to understand how the security of our customers’ cyber operations contributes directly to our nation’s security in domain.

OCA’s projects directly benefit our customers in several ways

SAIC is excited to participate in OCA and tackle integration challenges. We recognize that projects like the above can benefit our customers in several ways. First, it opens up our vendor options and disinhibits vendor lock-in, so we can focus solely on required features and capabilities and the best solution. It also reduces the timeline and complexity of architecting and deploying cyber solutions and subsequently reduces customers' costs.

Projects like STIX-Shifter reduce timelines for sharing threat information and response options in complex environments. Whether it is a firewall adjustment, load balancing, or another response, cyber teams can better identify and remediate threats. An open cybersecurity framework opens up many possibilities to take greater advantage of emerging technologies. We will be ultimately performing cyber defense operations at machine speed, which requires implementation of artificial intelligence fueled by data with common standards across the enterprise.

We are continuing to evangelize open cybersecurity

As I mentioned, I believe that this field is bettered by active community collaboration, so we will leverage our strong partnerships with many vendors and customers to evangelize open and interoperable cyber standards. So whether you are a product vendor, government official, academic, or anyone else involved in cybersecurity, I encourage you to read more about OCA’s mission and its projects that are fulfilling that mission.

For those who share the same passion, I encourage you to join OCA and participate in the work. I look forward to sharing future successes as OCA makes progress on these and other projects.

Posted by: Forrest Hare

Cyber Operations / Solutions Developer

Forrest Hare works in the cyber practice within SAIC’s Strategy, Growth, and Innovation group, developing and implementing solutions for both cybersecurity and knowledge modeling for federal government customers. One of his primary focuses is on developing machine-readable, semantically computable knowledge models that integrate operations in all defense domains, including air, land, sea, space, and all components of cyberspace, such as the electromagnetic spectrum. He develops ontology-based knowledge models for defense intelligence to improve intelligence information for all-source analysis.

Hare joined SAIC after retiring as a colonel in the U.S Air Force. His last assignment was deputy center chief at the Defense Intelligence Agency’s Asia/Pacific Intelligence Center. Over his 28-year career in the Air Force, Hare had assignments in targeting, signals intelligence, information operations, and cybersecurity policy. While assigned to the Air Force headquarters staff, he was a member of the Air Force Chief of Staff’s cyberspace task force, which defined the service’s role in the cyberspace warfighting domain.

Hare, a Ph.D., is an adjunct professor at George Mason University and Georgetown University, where he instructs on security and technology, intelligence operations, and national security policy for cyberspace. He is also a member of the Open Cybersecurity Alliance’s Project Governing Board, which promotes open standards for cybersecurity products. Hare is a Certified Information Systems Security Professional.

Hare earned his bachelor’s degree in geography and economics from the U.S. Air Force Academy, his master’s degree in geography from the University of Illinois Urbana-Champaign, and his doctorate degree in public policy from George Mason University. He lives with his wife and dog in northern Virginia most of the time as well as in “ski-country” Colorado. He practices and instructs aikido and enjoys triathlons when there’s no snow.

Read other blog posts from Forrest Hare >

< Return to Blogs