UCO currently has a class representing the concept of Action.
This basic Action class acts as a consistent foundation for numerous various subclasses of actions (Analysis, ObservableAction, InvestigativeAction, etc.).
UCO currently lacks and yet needs an ability to explicitly specify the nature of a given action independent of what the specific action is or what class of action it is.
UCO needs the ability to explicitly specify the nature of an action as answering questions such as:
Is it an action that occurred in the past and was observed? (action nature is "observed")
Is it an action that occurred in the past and was not observed but was rather deduced from other contextual information? (action nature is "derived")
Is it an action that could potentially occur (past, present, or future)? (action nature is "potential")
Is it an action that could potentially occur (past, present, or future) if certain conditions are true? (action nature is "potential-conditional")
Is it an action that is prescribed or suggested? (action nature is "prescriptive")
Is it an action that is prescribed or suggested if certain conditions are true? (action nature is "prescriptive-conditional")
Is it an action that is being imperatively and authoritatively commanded to be performed immediately? (action nature is "tasking-immediate")
Is it an action that is being imperatively and authoritatively commanded to be performed if certain conditions are true? (action nature is "tasking-conditional")
Is the nature of the action unknown? (action nature is "unknown")
This sort of action nature is independent of and orthogonal to the specific action (open, delete, etc.) or the class of action (ObservableAction, InvestigativeAction, etc.).
For example, you could have an action "delete file" that is an ObservableAction but it could have been observed or derived or it could be a potential, suggested, or imperative action.
This capability is required for effective expression of the concept of Course of Action and for application domains such as security operations, security assurance, cyber threat intelligence, adversary engagement, etc.
Requirements
Requirement 1
Ability to explicitly express that an action was observed.
Requirement 2
Ability to explicitly express that an action was derived from other contextual information.
Requirement 3
Ability to explicitly express that an action could have occurred, be occurring or occur sometime in the future.
Requirement 4
Ability to explicitly express that an action could have occurred, be occurring or occur sometime in the future if some particular prerequisite conditions are true.
Requirement 5
Ability to explicitly express that an action is prescribed/suggested/recommended to take.
Requirement 6
Ability to explicitly express that an action is prescribed/suggested/recommended to take if some particular prerequisite conditions are true.
Requirement 7
Ability to explicitly express that an action must (as an authoritative and imperative tasking command) be taken immediately (or as soon as is possible).
Requirement 8
Ability to explicitly express that an action must (as an authoritative and imperative tasking command) be taken immediately (or as soon as is possible) if some particular prerequisite conditions are true.
Requirement 9
Ability to explicitly express that the nature of an action is unknown.
Requirement 10
Ability to explicitly express the nature of an action independent of the specific action (core:name) itself or the class (subclass of action:Action) of action.
Risk / Benefit analysis
Benefits
Provides useful contextual clarity on the nature of an action
Via expression directly as part of the action rather than via external context the nature of the action can be known even if all you have is the action without any surrounding context.
Provides necessary nature characterization to support effective definition and use of Courses of Action
Risks
Some of these natures such as observed and derived could potentially be conveyed external to the action itself via use of Relationships. While such external expression is different from internal characterization there is the potential for confusion.
Competencies demonstrated
NOTE: More details coming soon
Competency 1
Competency Question 1.1
Result 1.1
Competency Question 1.2
Result 1.2
Solution suggestion
add action:actionNature property
add vocabulary:ActionNatureVocab vocabulary
add action:prerequisiteCondition property
add new associated property shapes on action:Action
Solution discussion
NOTE: More details coming soon
Background
UCO currently has a class representing the concept of Action. This basic Action class acts as a consistent foundation for numerous various subclasses of actions (Analysis, ObservableAction, InvestigativeAction, etc.).
UCO currently lacks and yet needs an ability to explicitly specify the nature of a given action independent of what the specific action is or what class of action it is. UCO needs the ability to explicitly specify the nature of an action as answering questions such as:
This sort of action nature is independent of and orthogonal to the specific action (open, delete, etc.) or the class of action (ObservableAction, InvestigativeAction, etc.). For example, you could have an action "delete file" that is an ObservableAction but it could have been observed or derived or it could be a potential, suggested, or imperative action.
This capability is required for effective expression of the concept of Course of Action and for application domains such as security operations, security assurance, cyber threat intelligence, adversary engagement, etc.
Requirements
Requirement 1
Ability to explicitly express that an action was observed.
Requirement 2
Ability to explicitly express that an action was derived from other contextual information.
Requirement 3
Ability to explicitly express that an action could have occurred, be occurring or occur sometime in the future.
Requirement 4
Ability to explicitly express that an action could have occurred, be occurring or occur sometime in the future if some particular prerequisite conditions are true.
Requirement 5
Ability to explicitly express that an action is prescribed/suggested/recommended to take.
Requirement 6
Ability to explicitly express that an action is prescribed/suggested/recommended to take if some particular prerequisite conditions are true.
Requirement 7
Ability to explicitly express that an action must (as an authoritative and imperative tasking command) be taken immediately (or as soon as is possible).
Requirement 8
Ability to explicitly express that an action must (as an authoritative and imperative tasking command) be taken immediately (or as soon as is possible) if some particular prerequisite conditions are true.
Requirement 9
Ability to explicitly express that the nature of an action is unknown.
Requirement 10
Ability to explicitly express the nature of an action independent of the specific action (core:name) itself or the class (subclass of action:Action) of action.
Risk / Benefit analysis
Benefits
Risks
Competencies demonstrated
NOTE: More details coming soon
Competency 1
Competency Question 1.1
Result 1.1
Competency Question 1.2
Result 1.2
Solution suggestion
Solution discussion NOTE: More details coming soon