OpenC2-org / openc2-org

The Open Command and Control Forum promotes the global development and adoption of the OpenC2 language and reference material.

Instantiation allowed? #10

Open sparrell opened 7 years ago

sparrell commented 7 years ago

PROBLEM

Does the scope of the openc2 language include instantiating a security technology? For example, a 'parent' orchestrator could tell a 'child' orchestrator to instantiate an IDS (or sandbox or proxy or ...) that was not previously instantiated. Or is openc2 only for incremental changes to already existing functions?

In the example above, the reason could be for whatever the reason would have been if a human did it. The most likely scenarios, in my (Duncan's) opinion, would be capacity changes in a cloud environment (e.g., add additional capacity due to increasing threat) or capability changes in a cloud environment (e.g., add a technology that wasn't cost effective prior but now is due to changing threat level).


POTENTIAL SOLUTION

I recommend openc2 handle both capacity and capability changes and therefore should be able to instantiate security technology. Maybe the existing commands could be used, or maybe a new command is needed (more study needed - comments, opinions welcome).

jmbrule commented 7 years ago

The use case that Duncan is bringing up is going to be more and more important in the future and he is correct in that we need to address it ASAP. I suspect that we will be able to instantiate new VMs with the use of copy, synch and start actions.