Draft Sensor Output Specification for Technical Discussion

Bisch Heidi

I would like to start by introducing myself and the reason for NATO's interest / involvement in the CEE. I am a scientist at NATO C3 Agency (NC3A) who works in the area of cyber defense. Part of the work that we do involves working on future capabilities for NATO. One of the capabilities is called a Cyber Defense Decision Support System (CDDS), which involves collecting "sensor" information in a coalition environment to provide a Consolidated Information Assurance Picture (CIAP) and be able to perform a dynamic risk assessment. To reach this capability, a standard sensor output specification is required, hence the interest in CEE.


The current situation of the Security Information Management System having connectors to normalize the sensor data is an issue in a coalition environment, since NATO is not able to dictate to other nations what equipment is deployed in the national networks. Therefore, it is impossible for a central NATO CDDS to have all the connectors required to collect data from the national networks and create a CIAP. As well, there is a problem of the nations being able to share all the information that may be in an event, for example internal IP addresses. Since the nations are not able to separate the data that they are able to share due to laws / policies in their own country, no information is shared. The idea is that if there is a standard sensor output specification, then specific information can be blocked at a guard (e.g. internal IP addresses).


With this problem set, NC3A collaborated with MITRE to create a very draft sensor output specification so that we could create a proof of concept to demonstrate what would be possible if a CEE existed. We had sensors' information translated to this spec and then passed through a guard (which blocked the internal IP addresses) before it reached the Security Information Management System. The proof of concept was successful, but it also brought up the issue that more information needed to be included in the spec when the IP was dropped so that useful correlation could occur.


I wanted to share the spec that was developed so that the CEE working group could start a more technical discussion on CEE. You must understand that it is a very draft spec, but I thought it was something to start with. I know that some people will criticize it, which is fine, but I would encourage that for every criticism you also provide feedback that can improve the specification. I consider you the experts in this field. My interest is to make sure that, as CEE is developed, it will still work within a coalition environment. (Note: this may also apply to a multinational company where privacy issues and laws have to be adhered to.)


I am looking forward to your constructive feedback.


Kind Regards,


Heidi Bisch
Communications and Information Systems Division

NATO C3 Agency
Internet: [hidden email]


Re: Draft Sensor Output Specification for Technical Discussion

Caudle, Rodney
I received this e-mail but it was blocked by the border.  Can the
originator please contact me offlist so I may receive a copy of the

Rodney Caudle