The 'Interoperability Village' shall act as a testing ground for stakeholders of the OCA to perform comprehensive interoperability testing between OASIS Open Projects', Open Source, and Commercial cybersecurity tools and frameworks. The village will be a persistent cloud-based infrastructure funded by sponsors and run using volunteer technical resources.
-
It provides a central location isolated from stakeholder internal development, testing, and production systems/data where elements can be provisioned and interconnected outside of the requisite controls.
-
This isolation from internal assets will empower rapid prototyping and iterations outside of formal internal processes, procedures, and policies controlling internal assets.
-
The ability to persist test data, functional elements, and integration progress to date will allow us to focus on next steps vs. re-creating same to re-test.
The cybersecurity landscape's constant evolution calls for robust, dynamic solutions that enable seamless interoperability between various tools and frameworks.
The cybersecurity field is increasingly complex, necessitating a dedicated platform for interoperability testing of diverse tools and frameworks.
The existence of a persistent, community-driven Interoperability Village lets us incrementally build on our prior successes and extend and maintain integrations.
A centrally managed, shared, interoperability lab lets participating organizations participate without the constraints of extending their internal infrastructure and data to external parties. Without a shared space for testing interoperability, organizations will continue to operate in silos which will prevent progress. An interoperability lab will significantly increase the speed at which testing can occur, leading to faster results.
The proposed Interoperability Village meets this critical need, fostering collaboration and shared learning among OCA stakeholders, and contributing to enhanced cybersecurity interoperability. This approach can also strengthen standards development as feedback derived from concrete implementations and interoperability testing can provide valuable insights and recommendations.
Project contribution to OCA goals and mission
This proposal aims to establish an "Interoperability Village" - a central cloud-based platform dedicated to interoperability testing within the framework of OASIS Open and open source projects.
Implementing the Interoperability Village under the auspices of the OASIS OCA will provide several benefits:
-
Enhanced Interoperability: The platform will facilitate interoperability testing between various cybersecurity tools and frameworks.
-
Community Engagement: The project will engage the wider OCA community and other external parties, fostering collaboration and shared learning.
-
Strengthened standards development: The project can provide valuable insights and actionable advice on the implemented standards and technical specifications (OASIS and International Standards de jure).
-
Sponsor Visibility: Sponsors and participants will gain visibility within the cybersecurity community, demonstrating their commitment to enhancing cybersecurity interoperability.
The implementation and maintenance of a central cloud-based "Interoperability Village" where OCA stakeholders perform interoperability testing between OASIS Open Projects', Open Source, and Commercial cybersecurity tools and frameworks.
OCA develops standardized data interfaces to support an open ecosystem where cybersecurity tools interoperate without the need for custom integrations.
OCA is a nonprofit, global collaboration of software providers, end users, government agencies, research institutes, academia, and individuals committed to enabling the free exchange of information, insights, analytics, and response across cybersecurity tools.
An open-source project, OCA operates under the OASIS Open governance process, which ensures transparency, inclusiveness, and safety, with a path to standardization and reference in international policy and procurement.
- Deployment of OCA Tools and Frameworks
- Deployment of tools and frameworks leveraging OASIS and International Standards de jure.
- Access to commercial products and services for POC testing and validation.
- Technical Subject Matter Experts to aid in the setup and testing of elements.
No.
OASIS Standards: STIX, TAXII, OpenC2, CACAO, TAC, MQTT, CSAF, OHDF, SAM, OData, Sarif, TOSCA, etc. All OCA Initiatives: Kestrel, STIX Shifter, PACE, IOB, CASP, OXA, CACAO Roaster, etc. Scope and definition automatically extend to future relevant OASIS Standards and OCA tools & frameworks.
These will be a broad and diverse set of implementation languages determined by those used in the creation of the elelements we are integrating and testing.
The cloud infrastructure itself will be based on IaaS/PaaS/?aaS provisioning and management 'languages' (e.g., Terraform, CloudFormation, Docker, Ansible, Chef, Python, Go, Rust, JSON, YAML, XML). Some of these DevOps elements will be determined by the Cloud Infrastructure sponors.
There will be several technologies used to provision, manage, and secure the Interoperability Village. These will include Open Source and commercially licensed products and services.
- AT&T
- IBM
- sFractal Consulting
Caveat: Inclusion as "Project Sponsor" of this proposal does not mean implicit or explicit financial support for the Interoperability Village. We will separately solicit resources from the entire stakeholder community - which may include financial, resources, technologies, and services.
The project's sustainability will be ensured through the continued support of sponsors for the cloud infrastructure. Potential sponsors include current OASIS members, e.g. Microsoft, Google, IBM, etc.
The project will also foster a sense of community among volunteer technical resources, encouraging their ongoing involvement.
As we continue to build Use Cases and demonstrate successful integrations and interoperability, more vendors will be encouraged to participate - both in terms of demonstrating their capabilities, as well as the increased value of their support for International Standards such as STIX, TAXII, OpenC2, CACAO, and CSAF.
The project will utilize individuals with expertise in the following areas:
- Cloud Architecture: To design the cloud-based infrastructure of the Interoperability Village.
- Cybersecurity: To ensure the security of the cloud infrastructure and the integrity of interoperability testing.
- Systems Integration: To integrate the various OASIS Open Projects tools and frameworks into the platform.
- Operations: To maintain and manage the cloud infrastructure, ensuring its persistent availability.
- Project Management: To harness the collective talent and resources to ensure the project is achieving goals in a timely manner and to provide any necessary administrative or logistical support.
To ensure the success of the 'Interoperability Village,' we propose the following implementation strategy:
-
Stakeholder Engagement: Continuous engagement with OCA stakeholders to understand their needs and incorporate their feedback into the project.
-
Sponsor Outreach: Active outreach to potential sponsors, showcasing the value proposition of the 'Interoperability Village' and how their contribution can make a significant impact.
-
Volunteer Recruitment: Harnessing the expertise of the cybersecurity community through a call for volunteer technical resources. The recruitment process will focus on the skills necessary for the project.
-
Progress Tracking: Regular updates to the OCA Leadership Board and sponsors about the project's progress, maintaining transparency and trust.
-
Quarterly Interoperability Plugfests: the OCA CASP working group holds quarterly interoperability conferences that brings together practitioners and stakeholders to establish and demonstrate interoperability of tools and framework built using cybersecurity and related data standards.
We have submitted a proposal for an Alan Paller Laureate Program grant to fund the first year of operation.
Patrick Maroney packet-rat