oasis-tcs / openc2-glossary

OASIS OpenC2 TC: Repository to support development of an OpenC2 Glossary as one of the chartered deliverables of the OpenC2 Language Subcommittee
https://github.com/oasis-tcs/openc2-glossary

Original impetus for OpenC2 #13

Open jmbrule opened 7 years ago

jmbrule commented 7 years ago

In the context of this glossary, I do not know if this matters, but IACD was not the original impetus for OpenC2. The actual history is: There was an 'Active Cyber Defense' effort that was investigating the feasibility of automated and coordinated responses to cyber defenses using standards and COTS products. One of the subtasks within ACD was the gap analysis (in the standards and available products).
A standardized means for command and control of cyber defense technologies was identified as a gap. In the same timeframe, there was an RSA presentation (by Cisco) that proposed the use of the STIX object and the structured COA field (which was undefined) for coordinated response. The NSA and Cisco coordinated a meeting and invited other stakeholders to form and participate in a working group which eventually evolved into the OpenC2 Forum.
IACD is a joint NSA and DHS effort that participates in OpenC2.
Again, do not know if it matters for the glossary but there it is....

sparrell commented 7 years ago

So I get the history correct - you're saying ACD and IACD are different, and that ACD is older and that OpenC2 came out of ACD, not out of IACD. Did IACD come out of ACD or from something else? I know IACD was publicly in a 2015 IEEE article which references a 2011 whitepaper that seems to call for OpenC2 without calling it by name (and doesn't say IACD either) - but maybe I'm reading too much into it because I have guilty knowledge since IACD and OpenC2 did come about to meet the needs they mention. When did OpenC2 forum start?

jmbrule commented 7 years ago

ACD and IACD are different animals. ACD was an NSA effort that was kicked off circa 2014. There was also another effort by DHS that was also called ACD that came up at about the same time. In the 2015 timeframe, the DHS effort was rebranded as IACD. The NSA ACD effort was ramped down and eventually ended in the 2016 timeframe. The NSA works with DHS on the IACD effort, but DHS is really the main driver on IACD and NSA has more of an advisory role. The OpenC2 effort came about in this way:

The NSA ACD effort tasked someone (me actually) to investigate the available standards for C2 of cyber defense systems. There was really nothing out there. In June of 2015, NSA ACD invited about 20 people from eight organizations to investigate any efforts that we could participate in to address C2 of cyber defense technologies. The DHS IACD was present. It was decided that we would most likely need to stand up our own effort so we had a kickoff in August of 2015. We operated as an independent forum until June of 2017 and DHS IACD was an active participant in OpenC2.

From: Duncan Sparrell [mailto:notifications@github.com] Sent: Friday, October 6, 2017 7:41 PM To: oasis-tcs/openc2-glossary openc2-glossary@noreply.github.com Cc: Brule, Joseph M jmbrule@radium.ncsc.mil; Author author@noreply.github.com Subject: [Non-DoD Source] Re: [oasis-tcs/openc2-glossary] Original impetus for OpenC2 (#13)

So I get the history correct - you're saying ACD and IACD are different, and that ACD is older and that OpenC2 came out of ACD, not out of IACD. Did IACD come out of ACD or from something else? I know IACD was publicly in a 2015 IEEE article which references a 2011 whitepaper that seems to call for OpenC2 without calling it by name (and doesn't say IACD either) - but maybe I'm reading too much into it because I have guilty knowledge since IACD and OpenC2 did come about to meet the needs they mention. When did OpenC2 forum start?


dlemire60 commented 7 years ago

I don't know whether any of the history being discussed will actually end up in the glossary, but I'd like to contribute a G2 perspective. We had internal discussions to work out the concepts for a C2 language in fall of 2014, producing a white paper and very early reference implementations using first Kafka then AMQP as message transfer mechanisms for JSON-formatted messages in November / December of that year. The name OpenC2 was chosen following the trends of other popular products such as OpenFlow, OpenAM, and OpenvSwitch. G2 had initial discussions about OpenC2 with Craig Harber in January 2015, and Craig subsequently connected us with Joe Brule.