Standards-Driven Cybersecurity Ecosystems Benefit National Security

SAIC works with the Open Cybersecurity Alliance to further enable products and tools to share data and communicate seamlessly and rapidly

11-30-2020
Forrest Hare
CYBER

As we move past October’s Cybersecurity Awareness Month, I would like to bring attention to one of the efforts SAIC sponsors and contributes to that is incredibly valuable to the cybersecurity community. This initiative is open to and benefits everyone in the community: cybersecurity product vendors, system integrators like SAIC, private-sector cyber operations practitioners, and customers, which for us include federal agencies with critical national security missions. The effort I’m referring to is called the Open Cybersecurity Alliance (OCA), and its goal is to make standards-based, interoperable cybersecurity a reality.

There's no question we have an interoperability problem

According to Forrester, security complexity is now the biggest challenge organizations face. And, in an AttackIQ and Ponemon Institute survey, respondents indicate that organizations use an average of 47 different cybersecurity tools across their networks. All of these cybersecurity products must work together in order to provide an effective organization-wide defense. But security analysts are tasked with performing one-off, time-consuming, tailored integrations; all the while, cyber threats are rapidly evolving in an expanding landscape.

These integration tasks become a major resource drain, greatly impacting attempts to stay ahead of the evolving threats and vulnerabilities. Far too often, we spend time talking about how we even classify cyber entities and actions, the nouns and verbs, as opposed to working together to solve the real problems that malicious actors create.

OCA was formed to address interoperability issues

Formed in 2019, OCA brings together organizations and individuals from around the globe to develop and promote sets of common code, patterns, and practices in order to enable cybersecurity tools to freely share data and communicate seamlessly. OCA is working on three projects that are contributing to this vision of an open cybersecurity ecosystem:

  • STIX-Shifter, a patterning library that normalizes data across domains for comprehensive security analysis
  • OpenDXL Ontology, a messaging format for real-time data exchange and cross-vendor orchestration
  • NIST SCAP v2, a data collection architecture that supports continuous policy monitoring

These projects are moving the industry forward to the goal of being able to “integrate once, reuse everywhere.”

 


We at SAIC experience firsthand the interoperability issue...

…and how it impedes effective implementation of cybersecurity solutions, and we believe it requires the entire community to work together to achieve better results. Therefore, SAIC sponsors OCA, works with like-minded colleagues in the alliance's systems integrator working group, and helps guide the projects as a member of the governing project board.

An important part of SAIC’s mission is ensuring our customers' cybersecurity. As a systems integrator, we are uniquely positioned to understand how the security of our customers’ cyber operations contributes directly to our nation’s security in domain.

OCA’s projects directly benefit our customers in several ways

SAIC is excited to participate in OCA and tackle integration challenges. We recognize that projects like the above can benefit our customers in several ways. First, they open up our vendor options and inhibit vendor lock-in, so we can focus solely on required features and capabilities and the best solution. They also reduce the timeline and complexity of architecting and deploying cyber solutions and subsequently reduce customers' costs.

Projects like STIX-Shifter reduce timelines for sharing threat information and response options in complex environments. Whether it is a firewall adjustment, load balancing, or another response, cyber teams can better identify and remediate threats. An open cybersecurity framework opens up many possibilities to take greater advantage of emerging technologies. We will ultimately be performing cyber defense operations at machine speed, which requires implementation of artificial intelligence fueled by data with common standards across the enterprise.

We are continuing to evangelize open cybersecurity

As I mentioned, I believe that this field is bettered by active community collaboration, so we will leverage our strong partnerships with many vendors and customers to evangelize open and interoperable cyber standards. So whether you are a product vendor, government official, academic, or anyone else involved in cybersecurity, I encourage you to read more about OCA’s mission and its projects that are fulfilling that mission.

For those who share the same passion, I encourage you to join OCA and participate in the work. I look forward to sharing future successes as OCA makes progress on these and other projects.

Posted by: Forrest Hare

Solutions Architect, Cyberspace Operations

Forrest Hare, PhD, is a solutions architect for SAIC, joining the company after retiring as a colonel in the U.S. Air Force. He is an adjunct professor at George Mason University and Georgetown University, where he instructs on national security policy for cyberspace. With William Diehl, PhD, his co-author and a professor of electrical engineering at Virginia Polytechnic Institute and State University, Hare recently presented on nonintrusive cyber weapons at the Cyber/Electronic Warfare Convergence Conference held by the Palmetto Roost Chapter of the Association of Old Crows.
