[cti-users] Research Paper

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] Research Paper

Shawn Riley
Hi Folks,

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

The paper can be downloaded from LinkedIn's Slideshare.

Best,
Shawn

Shawn Riley
Executive Vice President
Centre for Strategic Cyberspace + Security Science
London, England, UK - Washington, DC, USA

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [cti-users] Research Paper

Shawn Riley
Thanks Adam. I thought it might be of interest to see research from a CISO/SOC/User point of view for using STIX, CYBOX, MAEC, etc vice the normal vendor view normally expressed on the list. We'll try to follow up with some additional information. 

Some users have said "Slideshare" is blocked from their networks and requested alternative ways to get the research paper. I've included a few additional sources below.


On Sun, Aug 23, 2015 at 8:50 AM, Adam Carbone <[hidden email]> wrote:

I would love to hear more about your efforts, really see the benefits of this was based on semantic web technologies, and then of you wanted json use json-ld.
Seems like an obvious choice not sure why this list hasn't embraced the idea.

Regards
Adam Carbone

On Aug 23, 2015 7:43 AM, "Shawn Riley" <[hidden email]> wrote:
Hi Folks,

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

The paper can be downloaded from LinkedIn's Slideshare.

Best,
Shawn

Shawn Riley
Executive Vice President
Centre for Strategic Cyberspace + Security Science
London, England, UK - Washington, DC, USA


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] Re: Research Paper

Shawn Riley
In reply to this post by Shawn Riley
Hi folks, I've had a few people follow up asking where they could learn more about knowledge engineering and semantic web technologies since that was a key focus on the science of cybersecurity research paper. I just learned of a new Massively Open Online Course (MOOC) on Knowledge Engineering and Semantic Web Technologies that is FREE and open to everyone! I posted more information in a couple blogs posts for those interested. I know there are a number of us in the STIX, CYBOX, MSM community focused on the knowledge engineering side using semantic web technologies so while this is slightly off topic, I hope you find this information of value. 

LinkedIn

PeerLyst

On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:
Hi Folks,

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

The paper can be downloaded from LinkedIn's Slideshare.

Best,
Shawn

Shawn Riley
Executive Vice President
Centre for Strategic Cyberspace + Security Science
London, England, UK - Washington, DC, USA


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: [cti-users] Re: Research Paper

Bush, Jonathan

I do like this because it separates conceptual design from implementation, but I have a bit of a knowledge gap in the OWL area.  Question – How would we get from this sort of thinking to implementation (which is of course still important)?

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Shawn Riley
Sent: Monday, September 28, 2015 9:57 AM
To: [hidden email]
Subject: [cti-users] Re: Research Paper

 

Hi folks, I've had a few people follow up asking where they could learn more about knowledge engineering and semantic web technologies since that was a key focus on the science of cybersecurity research paper. I just learned of a new Massively Open Online Course (MOOC) on Knowledge Engineering and Semantic Web Technologies that is FREE and open to everyone! I posted more information in a couple blogs posts for those interested. I know there are a number of us in the STIX, CYBOX, MSM community focused on the knowledge engineering side using semantic web technologies so while this is slightly off topic, I hope you find this information of value. 

 

LinkedIn

 

PeerLyst

 

On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:

Hi Folks,

 

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

 

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

 

The paper can be downloaded from LinkedIn's Slideshare.

 

Best,

Shawn

 

Shawn Riley

Executive Vice President

Centre for Strategic Cyberspace + Security Science

London, England, UK - Washington, DC, USA

 

 


DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses.  The company accepts no liability for any damage caused by any virus transmitted by this email.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: [cti-users] Re: Research Paper

Cory Casanave

In the “Semweb” community there is a difference between “linked open data” (Mostly RDF) and inferencing (mostly OWL, which can be represented in RDF).  Both are graphs. OWL adds formal first order logic capabilities. The graph query language they have defined is “SPARQL” and works across both. RDF is a web based graph data model (there are others), with multiple representations including XML and JSON.

 

Graph data representations and queries like this work well when you want a lot of flexibility to subset and structure the data in various ways for different purposes, viewpoints and communities. If you have very fixed requirements you may be able to “flatten” it into a table or hierarchical structure. So different use cases may point you to a graph, flat or hierarchical structure for the same information. IMHO what you want is all of the above, you don’t want to get locked into any single perspective and representation. If one is foundational, the graph is the way to go.

 

OWL sounds great in that some of the inferences can infer new data from others. BUT, OWL inference as is implemented and used today is mostly an expensive in-memory computation. RDF assumes loosely coupled data in a very distributed model (linked open data). LOD allows reference to information on the web without the need to copy everything. So I would think a LOD graph of CTI data would be very interesting. I’m going to draw flies with this – but I would stay away from OWL (or perhaps use a very reduced subset of it, sometimes called RDF++). The reason is that OWL puts limits on your graph representation (so the OWL inferences can work) and to really take advantage of it you really need all data in memory. Of course tools could use OWL internally to process CTI data.

 

If you look at your underlying model as a graph, you can always flatten it for specific use cases.

 

To define this graph model I would still use UML, it can be mapped to OWL or RDF and is much more understandable than the text based OWL/RDF tools.

 

-Cory Casanave

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Bush, Jonathan
Sent: Monday, September 28, 2015 11:21 AM
To: 'Shawn Riley'; [hidden email]
Subject: RE: [cti-users] Re: Research Paper

 

I do like this because it separates conceptual design from implementation, but I have a bit of a knowledge gap in the OWL area.  Question – How would we get from this sort of thinking to implementation (which is of course still important)?

 

From: [hidden email] [[hidden email]] On Behalf Of Shawn Riley
Sent: Monday, September 28, 2015 9:57 AM
To: [hidden email]
Subject: [cti-users] Re: Research Paper

 

Hi folks, I've had a few people follow up asking where they could learn more about knowledge engineering and semantic web technologies since that was a key focus on the science of cybersecurity research paper. I just learned of a new Massively Open Online Course (MOOC) on Knowledge Engineering and Semantic Web Technologies that is FREE and open to everyone! I posted more information in a couple blogs posts for those interested. I know there are a number of us in the STIX, CYBOX, MSM community focused on the knowledge engineering side using semantic web technologies so while this is slightly off topic, I hope you find this information of value. 

 

LinkedIn

 

PeerLyst

 

On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:

Hi Folks,

 

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

 

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

 

The paper can be downloaded from LinkedIn's Slideshare.

 

Best,

Shawn

 

Shawn Riley

Executive Vice President

Centre for Strategic Cyberspace + Security Science

London, England, UK - Washington, DC, USA

 

 


DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses.  The company accepts no liability for any damage caused by any virus transmitted by this email.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] Re: Research Paper

Shawn Riley
In reply to this post by Shawn Riley

Hi folks-

In addition to the request for more information about knowledge engineering and semantic web technology, I had quite a few requests for additional information on another key focus of the CSCSS Science of Cybersecurity paper, Activity-Based Intelligence. The following articles and slide decks from the Defense and Intelligence Community might provide some additional information and insights to help understand why we wanted to show how this could be applied to cybersecurity to advance cyber intelligence analysis tradecraft and better enable organizations to understand the cybersecurity of their ecosystem. (This is the last follow up, there were just to many people with questions on this topic not to send a wider response.)

Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis

http://ndupress.ndu.edu/Media/News/NewsArticleView/tabid/7849/Article/581866/jfq-77-activity-based-intelligence-revolutionizing-military-intelligence-analys.aspx

DIA Modernizing Defense Intelligence: Object-Based Production and Activity-Based Intelligence

https://www.ncsi.com/diaid/2013/presentations/johnston.pdf

NGA Activity Based Intelligence slide deck

http://usgif.org/system/uploads/3357/original/ABI_Slides_Approved_for_Public_Release_13-231_1_.pdf

Activity Based Intelligence: Understanding the Unknown

http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf

Those looking for my CSCSS Science of Cybersecurity paper, the paper can be downloaded from:

LinkedIn's Slideshare: 
http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem 

or from the CSCSS web site:
http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf

or from ResearchGate:
https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem

Best regards,

Shawn


On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:
Hi Folks,

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

The paper can be downloaded from LinkedIn's Slideshare.

Best,
Shawn

Shawn Riley
Executive Vice President
Centre for Strategic Cyberspace + Security Science
London, England, UK - Washington, DC, USA


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] REMOVE ME FROM THIS MAILINGLIST PLEASE

Yilmaz, Mustafa
Hi,

Could you remove me from this mailinglist please?
Met vriendelijke groeten,

s1075935 - Mustafa Yilmaz



Op 29 sep. 2015, om 14:58 heeft Shawn Riley <[hidden email]> het volgende geschreven:

Hi folks-

In addition to the request for more information about knowledge engineering and semantic web technology, I had quite a few requests for additional information on another key focus of the CSCSS Science of Cybersecurity paper, Activity-Based Intelligence. The following articles and slide decks from the Defense and Intelligence Community might provide some additional information and insights to help understand why we wanted to show how this could be applied to cybersecurity to advance cyber intelligence analysis tradecraft and better enable organizations to understand the cybersecurity of their ecosystem. (This is the last follow up, there were just to many people with questions on this topic not to send a wider response.)

Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis

http://ndupress.ndu.edu/Media/News/NewsArticleView/tabid/7849/Article/581866/jfq-77-activity-based-intelligence-revolutionizing-military-intelligence-analys.aspx

DIA Modernizing Defense Intelligence: Object-Based Production and Activity-Based Intelligence

https://www.ncsi.com/diaid/2013/presentations/johnston.pdf

NGA Activity Based Intelligence slide deck

http://usgif.org/system/uploads/3357/original/ABI_Slides_Approved_for_Public_Release_13-231_1_.pdf

Activity Based Intelligence: Understanding the Unknown

http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf

Those looking for my CSCSS Science of Cybersecurity paper, the paper can be downloaded from:

LinkedIn's Slideshare: 
http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem 

or from the CSCSS web site:
http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf

or from ResearchGate:
https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem

Best regards,

Shawn


On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:
Hi Folks,

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

The paper can be downloaded from LinkedIn's Slideshare.

Best,
Shawn

Shawn Riley
Executive Vice President
Centre for Strategic Cyberspace + Security Science
London, England, UK - Washington, DC, USA



Op deze e-mail zijn de voorwaarden van toepassing als vermeld op:
The following conditions apply to this e-mail:
http://www.hsleiden.nl/disclaimer-email

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

Shulman, Gil

Me too please

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Yilmaz, Mustafa
Sent: Tuesday, September 29, 2015 4:03 PM
To: Shawn Riley <[hidden email]>
Cc: [hidden email]
Subject: [cti-users] REMOVE ME FROM THIS MAILINGLIST PLEASE

 

Hi,

 

Could you remove me from this mailinglist please?

Met vriendelijke groeten,

 

s1075935 - Mustafa Yilmaz

 

 

 

Op 29 sep. 2015, om 14:58 heeft Shawn Riley <[hidden email]> het volgende geschreven:

 

Hi folks-

In addition to the request for more information about knowledge engineering and semantic web technology, I had quite a few requests for additional information on another key focus of the CSCSS Science of Cybersecurity paper, Activity-Based Intelligence. The following articles and slide decks from the Defense and Intelligence Community might provide some additional information and insights to help understand why we wanted to show how this could be applied to cybersecurity to advance cyber intelligence analysis tradecraft and better enable organizations to understand the cybersecurity of their ecosystem. (This is the last follow up, there were just to many people with questions on this topic not to send a wider response.)

Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis

http://ndupress.ndu.edu/Media/News/NewsArticleView/tabid/7849/Article/581866/jfq-77-activity-based-intelligence-revolutionizing-military-intelligence-analys.aspx

DIA Modernizing Defense Intelligence: Object-Based Production and Activity-Based Intelligence

https://www.ncsi.com/diaid/2013/presentations/johnston.pdf

NGA Activity Based Intelligence slide deck

http://usgif.org/system/uploads/3357/original/ABI_Slides_Approved_for_Public_Release_13-231_1_.pdf

Activity Based Intelligence: Understanding the Unknown

http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf

Those looking for my CSCSS Science of Cybersecurity paper, the paper can be downloaded from:

LinkedIn's Slideshare: 
http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem 

or from the CSCSS web site:
http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf

or from ResearchGate:
https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem

Best regards,

Shawn

 

On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:

Hi Folks,

 

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

 

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

 

The paper can be downloaded from LinkedIn's Slideshare.

 

Best,

Shawn

 

Shawn Riley

Executive Vice President

Centre for Strategic Cyberspace + Security Science

London, England, UK - Washington, DC, USA

 

 

 

Op deze e-mail zijn de voorwaarden van toepassing als vermeld op:
The following conditions apply to this e-mail:
http://www.hsleiden.nl/disclaimer-email

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] Re: REMOVE ME FROM THIS MAILINGLIST PLEASE

Walsh, Michael J.



Let me send out the reminder.  You're not done if steps 1-3 don't work cuz you are short of step 4.

-Michael



All,
 
I have a request for everyone on this list.  Please understand that there are over 1,600 people subscribed to just this one list and every time someone sends a message such as “please unsubscribe me” to the alias, over 1,600 people get that message.  That is not a good use of this resource.  As such, I implore anyone interested in unsubscribing from this list to follow the instructions that have been provided by OASIS staff:
 
1.       PLEASE do NOT send a message to the list itself!  PLEASE!
 
2.       Instead, send an email message to the mailing list server[hidden email]
 
3.       The server will respond to your message with a request for confirmation: when you receive it, reply to that email message
 
4.       If the instructions above are unclear, or if steps 2-3 seem to fail, please email (offline, without any CC to the list): [hidden email]
 
Thanks!
Rich
 
PS: I know that I have just caused over 1,600 people to receive yet another message unrelated to using STIX/TAXII/CybOX but I’m hoping that this will help everyone understand the importance of using the right mechanisms to handle administrative requests. J
 
 
Richard J. Struse
 
Chief Advanced Technology Officer
National Cybersecurity and Communications Integration Center (NCCIC) and
Stakeholder Engagement and Cyber Infrastructure Resiliency (SECIR)
Cyber Security & Communications
U.S. Department of Homeland Security
 

e-mail:  [hidden email]
Phone:  <a href="tel:202-527-2361" target="_blank">202-527-2361




From: [hidden email] <[hidden email]> on behalf of Shulman, Gil <[hidden email]>
Sent: Tuesday, September 29, 2015 9:29 AM
To: Yilmaz, Mustafa; Shawn Riley
Cc: [hidden email]
Subject: [cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE
 

Me too please

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Yilmaz, Mustafa
Sent: Tuesday, September 29, 2015 4:03 PM
To: Shawn Riley <[hidden email]>
Cc: [hidden email]
Subject: [cti-users] REMOVE ME FROM THIS MAILINGLIST PLEASE

 

Hi,

 

Could you remove me from this mailinglist please?

Met vriendelijke groeten,

 

s1075935 - Mustafa Yilmaz

 

 

 

Op 29 sep. 2015, om 14:58 heeft Shawn Riley <[hidden email]> het volgende geschreven:

 

Hi folks-

In addition to the request for more information about knowledge engineering and semantic web technology, I had quite a few requests for additional information on another key focus of the CSCSS Science of Cybersecurity paper, Activity-Based Intelligence. The following articles and slide decks from the Defense and Intelligence Community might provide some additional information and insights to help understand why we wanted to show how this could be applied to cybersecurity to advance cyber intelligence analysis tradecraft and better enable organizations to understand the cybersecurity of their ecosystem. (This is the last follow up, there were just to many people with questions on this topic not to send a wider response.)

Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis

http://ndupress.ndu.edu/Media/News/NewsArticleView/tabid/7849/Article/581866/jfq-77-activity-based-intelligence-revolutionizing-military-intelligence-analys.aspx

DIA Modernizing Defense Intelligence: Object-Based Production and Activity-Based Intelligence

https://www.ncsi.com/diaid/2013/presentations/johnston.pdf

NGA Activity Based Intelligence slide deck

http://usgif.org/system/uploads/3357/original/ABI_Slides_Approved_for_Public_Release_13-231_1_.pdf

Activity Based Intelligence: Understanding the Unknown

http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf

Those looking for my CSCSS Science of Cybersecurity paper, the paper can be downloaded from:

LinkedIn's Slideshare: 
http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem 

or from the CSCSS web site:
http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf

or from ResearchGate:
https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem

Best regards,

Shawn

 

On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:

Hi Folks,

 

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

 

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

 

The paper can be downloaded from LinkedIn's Slideshare.

 

Best,

Shawn

 

Shawn Riley

Executive Vice President

Centre for Strategic Cyberspace + Security Science

London, England, UK - Washington, DC, USA

 

 

 

Op deze e-mail zijn de voorwaarden van toepassing als vermeld op:
The following conditions apply to this e-mail:
http://www.hsleiden.nl/disclaimer-email

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

Man Nguyen
In reply to this post by Shulman, Gil

Me three please.

 

Man

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Shulman, Gil
Sent: Tuesday, September 29, 2015 6:29 AM
To: Yilmaz, Mustafa <[hidden email]>; Shawn Riley <[hidden email]>
Cc: [hidden email]
Subject: [cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

 

Me too please

 

From: [hidden email] [[hidden email]] On Behalf Of Yilmaz, Mustafa
Sent: Tuesday, September 29, 2015 4:03 PM
To: Shawn Riley <[hidden email]>
Cc: [hidden email]
Subject: [cti-users] REMOVE ME FROM THIS MAILINGLIST PLEASE

 

Hi,

 

Could you remove me from this mailinglist please?

Met vriendelijke groeten,

 

s1075935 - Mustafa Yilmaz

 

 

 

Op 29 sep. 2015, om 14:58 heeft Shawn Riley <[hidden email]> het volgende geschreven:

 

Hi folks-

In addition to the request for more information about knowledge engineering and semantic web technology, I had quite a few requests for additional information on another key focus of the CSCSS Science of Cybersecurity paper, Activity-Based Intelligence. The following articles and slide decks from the Defense and Intelligence Community might provide some additional information and insights to help understand why we wanted to show how this could be applied to cybersecurity to advance cyber intelligence analysis tradecraft and better enable organizations to understand the cybersecurity of their ecosystem. (This is the last follow up, there were just to many people with questions on this topic not to send a wider response.)

Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis

http://ndupress.ndu.edu/Media/News/NewsArticleView/tabid/7849/Article/581866/jfq-77-activity-based-intelligence-revolutionizing-military-intelligence-analys.aspx

DIA Modernizing Defense Intelligence: Object-Based Production and Activity-Based Intelligence

https://www.ncsi.com/diaid/2013/presentations/johnston.pdf

NGA Activity Based Intelligence slide deck

http://usgif.org/system/uploads/3357/original/ABI_Slides_Approved_for_Public_Release_13-231_1_.pdf

Activity Based Intelligence: Understanding the Unknown

http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf

Those looking for my CSCSS Science of Cybersecurity paper, the paper can be downloaded from:

LinkedIn's Slideshare: 
http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem 

or from the CSCSS web site:
http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf

or from ResearchGate:
https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem

Best regards,

Shawn

 

On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:

Hi Folks,

 

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

 

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

 

The paper can be downloaded from LinkedIn's Slideshare.

 

Best,

Shawn

 

Shawn Riley

Executive Vice President

Centre for Strategic Cyberspace + Security Science

London, England, UK - Washington, DC, USA

 

 

 

Op deze e-mail zijn de voorwaarden van toepassing als vermeld op:
The following conditions apply to this e-mail:
http://www.hsleiden.nl/disclaimer-email

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [cti-users] Re: Research Paper

Paul Patrick
In reply to this post by Cory Casanave
Cory thanks for the prospective.

My comments below are based on building OWL/RDF-based ontologies leveraging the concepts found in  STIX/MAEC/CybOX/et al or similar mdoel for the last 4 years that made it into operational environments.  We chose to use OWL/RDF, not for the inferencing immediately, but because a graph base model and the loosely-coupled nature of cyber intelligence data.  The research paper Shawn Riley provided is based on the experiences building this type of solution, not once but twice (its amazing what you learn when you do it again).

I first wanted to chime in to make sure that this group doesn’t get into the same kind of discussion as is going on with “XML vs JSON”.  IMHO, it isn’t “UML vs OWL/RDF” but rather a more powerful story of “UML AND OWL/RDF”.  As Cory correctly stated, you can take a model in UML and convert it to OWL/RDF.  For that matter, you can take OWL/RDF and represent it as UML  (I built a tool to do exactly that for generating ontology documentation).  I will admit, the UML->OWL/RDF converts I’ve attempted to use lack robustness, flexibility, and generally need a lot of “hand crafting” after the fact and any attempt at round-tripping is a bust IMHO.  In general, I’d agree that I would rather model using UML notation but export the conceptual data model in OWL/RDF; the textual representation of OWL/RDF (RDF/XML, Turtle, Ntriples, JSON-LD) aren’t the easiest formats - It would be like writing the UML model using XMI.  

I generally agree with most of the points that Cory outlined below, especially Linked Open Data and Inferencing are very different – BUT not mutually exclusive.  OWL/RDF is very well suited for graph representations and can be easily “flattened”.  In addition, it doesn’t dictate the physical storage model, which could be done using a relational DB, NoSQL, graph, etc.  And depending upon the serialization format chosen, it can be built on top technology that permits you to have both graph and more traditional tabular form.  I also agree, the graph is a solid foundation on which to build.  Where I have a difference of opinion is to avoid the use of OWL.  

Avoiding OWL because you can do inferencing that may today require in-memory techniques isn’t a good reason IMHO to avoid it.  One can easily use OWL ‘Lite’ and not immediately leverage some of the inferencing possibilities with out any harm.  OWL uses inferencing to handle a number of the relationship semantics WITHOUT having to load all of the instances into memory.  A following a some good design techniques many of the pitfalls seen with early implementations of inferencing can be avoid.  Because of the extensibility, it is easy to extend the OWL/RDF with additional capabilities without changing the fundamental data model in most cases.  The key here isn’t to try to leverage every feature in OWL/RDF initially but to lay an architectural foundation on which it could be built later without having to start over.  Additionally, OWL/RDF doesn’t require the web or networking to be utilized, nor does it limited to being utilized in the initial concept of the Semantic Web.  

As Cory mentioned, the use of SPARQL instead of say SQL, enables but doesn’t require federated query (which isn’t an initial goal for this community) but lays the foundation again for its use going forward – but this is another form of access that doesn’t need to be exposed given the kind of sharing models this community is discussing.  While the concepts of Linked Open Data and inferencing are very different, they are NOT mutually exclusive.  Most of today’s use of Linked Open Data is focused on finding other web pages for humans that are relevant.

As I stated in the beginning, I’m in generally agreement with most of Cory’s points and IMHO I think we get a better model, with stronger semantics by combining the use of UML and OWL/RDF and yet in both cases haven’t dictated a particular implementation strategy.  I believe the combination provides a solid foundation from which implementations can more easily be built.

Just my .02 cents


Paul Patrick




From: <[hidden email]> on behalf of Cory Casanave
Date: Monday, September 28, 2015 at 2:59 PM
To: "Bush, Jonathan", Shawn Riley, "[hidden email]"
Subject: RE: [cti-users] Re: Research Paper

In the “Semweb” community there is a difference between “linked open data” (Mostly RDF) and inferencing (mostly OWL, which can be represented in RDF).  Both are graphs. OWL adds formal first order logic capabilities. The graph query language they have defined is “SPARQL” and works across both. RDF is a web based graph data model (there are others), with multiple representations including XML and JSON.

 

Graph data representations and queries like this work well when you want a lot of flexibility to subset and structure the data in various ways for different purposes, viewpoints and communities. If you have very fixed requirements you may be able to “flatten” it into a table or hierarchical structure. So different use cases may point you to a graph, flat or hierarchical structure for the same information. IMHO what you want is all of the above, you don’t want to get locked into any single perspective and representation. If one is foundational, the graph is the way to go.

 

OWL sounds great in that some of the inferences can infer new data from others. BUT, OWL inference as is implemented and used today is mostly an expensive in-memory computation. RDF assumes loosely coupled data in a very distributed model (linked open data). LOD allows reference to information on the web without the need to copy everything. So I would think a LOD graph of CTI data would be very interesting. I’m going to draw flies with this – but I would stay away from OWL (or perhaps use a very reduced subset of it, sometimes called RDF++). The reason is that OWL puts limits on your graph representation (so the OWL inferences can work) and to really take advantage of it you really need all data in memory. Of course tools could use OWL internally to process CTI data.

 

If you look at your underlying model as a graph, you can always flatten it for specific use cases.

 

To define this graph model I would still use UML, it can be mapped to OWL or RDF and is much more understandable than the text based OWL/RDF tools.

 

-Cory Casanave

 

From: [hidden email] [[hidden email]] On Behalf Of Bush, Jonathan
Sent: Monday, September 28, 2015 11:21 AM
To: 'Shawn Riley'; [hidden email]
Subject: RE: [cti-users] Re: Research Paper

 

I do like this because it separates conceptual design from implementation, but I have a bit of a knowledge gap in the OWL area.  Question – How would we get from this sort of thinking to implementation (which is of course still important)?

 

From:[hidden email] [[hidden email]] On Behalf Of Shawn Riley
Sent: Monday, September 28, 2015 9:57 AM
To: [hidden email]
Subject: [cti-users] Re: Research Paper

 

Hi folks, I've had a few people follow up asking where they could learn more about knowledge engineering and semantic web technologies since that was a key focus on the science of cybersecurity research paper. I just learned of a new Massively Open Online Course (MOOC) on Knowledge Engineering and Semantic Web Technologies that is FREE and open to everyone! I posted more information in a couple blogs posts for those interested. I know there are a number of us in the STIX, CYBOX, MSM community focused on the knowledge engineering side using semantic web technologies so while this is slightly off topic, I hope you find this information of value. 

 

LinkedIn

 

PeerLyst

 

On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:

Hi Folks,

 

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

 

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

 

The paper can be downloaded from LinkedIn's Slideshare.

 

Best,

Shawn

 

Shawn Riley

Executive Vice President

Centre for Strategic Cyberspace + Security Science

London, England, UK - Washington, DC, USA

 

 


DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses.  The company accepts no liability for any damage caused by any virus transmitted by this email.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] REQUEST FAILURE FOR Re: [cti-users] REMOVE ME FROM THIS MAILINGLIST PLEASE

OBrienTG
In reply to this post by Yilmaz, Mustafa
I am sorry, but your request was not in the correct STIX/TAXII format.

Please resubmit following the directions per the notification email
provided from MITRE


On 9/29/15 6:03 AM, Yilmaz, Mustafa wrote:

> Hi,
>
> Could you remove me from this mailinglist please?
> Met vriendelijke groeten,
>
> s1075935 - Mustafa Yilmaz
> [hidden email] <mailto:[hidden email]>
>
>
>
>> Op 29 sep. 2015, om 14:58 heeft Shawn Riley <[hidden email]
>> <mailto:[hidden email]>> het volgende geschreven:
>>
>> Hi folks-
>>
>> In addition to the request for more information about knowledge
>> engineering and semantic web technology, I had quite a few requests
>> for additional information on another key focus of the CSCSS Science
>> of Cybersecurity paper, Activity-Based Intelligence. The following
>> articles and slide decks from the Defense and Intelligence Community
>> might provide some additional information and insights to help
>> understand why we wanted to show how this could be applied to
>> cybersecurity to advance cyber intelligence analysis tradecraft and
>> better enable organizations to understand the cybersecurity of their
>> ecosystem. (This is the last follow up, there were just to many people
>> with questions on this topic not to send a wider response.)
>>
>> *Activity-Based Intelligence: Revolutionizing Military Intelligence
>> Analysis*
>>
>> http://ndupress.ndu.edu/Media/News/NewsArticleView/tabid/7849/Article/581866/jfq-77-activity-based-intelligence-revolutionizing-military-intelligence-analys.aspx
>>
>> *DIA Modernizing Defense Intelligence: Object-Based Production and
>> Activity-Based Intelligence*
>>
>> https://www.ncsi.com/diaid/2013/presentations/johnston.pdf
>>
>> *NGA Activity Based Intelligence slide deck*
>>
>> http://usgif.org/system/uploads/3357/original/ABI_Slides_Approved_for_Public_Release_13-231_1_.pdf
>>
>> *Activity Based Intelligence: Understanding the Unknown*
>>
>> http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf
>>
>> Those looking for my CSCSS Science of Cybersecurity paper, the paper
>> can be downloaded from:
>>
>> *LinkedIn's Slideshare: *
>> http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem
>> <http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem&lt;/a&gt;%C2%A0&lt;/p&gt;&lt;p&gt;&lt;strong&gt;or>
>>
>> *or from the CSCSS web site:*
>> http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf
>> <http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf&lt;/a&gt;&lt;/p&gt;&lt;p&gt;&lt;strong&gt;or>
>>
>> *or from ResearchGate:*
>> https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem
>> <https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem&lt;/a&gt;&lt;br&gt;&lt;br&gt;Cyber>
>>
>> Best regards,
>>
>> Shawn
>>
>>
>> On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>     Hi Folks,
>>
>>     Back in 2012 when STIX was released, the white paper included a
>>     mention of other possible implementations such as semantic web
>>     (OWL/RDF) and JSON-centric. We've had Bret share details on his
>>     JSON efforts with the list so I wanted to take the opportunity to
>>     share our research paper on using semantic web technologies
>>     (OWL/RDF) with the group. This isn't marketing as there is no
>>     company or product mentioned. Rather, we're just sharing knowledge
>>     based on our international research efforts. Given the ongoing
>>     debate over XML vs JSON, we thought it would also be good to show
>>     how both of these could be supported using the semantic technology
>>     approach.
>>
>>     In many ways our research "connected the dots" between existing
>>     cybersecurity efforts across different government agencies that
>>     have been identified by the government as the way forward. From
>>     the Science of Security championed by National Security Agency and
>>     National Science Foundation, to the Cybersecurity Measurement and
>>     Management Architecture championed by the Department of Homeland
>>     Security and the Department of Defense, and the revolutionary
>>     intelligence methodologies (object-based production /
>>     activity-based intelligence) championed by the Intelligence
>>     Community and particularly the National Geospatial-Intelligence
>>     Agency.
>>
>>     While each of these cybersecurity and intelligence efforts can
>>     stand on its own and provide great benefit, bringing these efforts
>>     together demonstrates how each agency's investments can see a
>>     greater return on investment by working together to develop
>>     scientific foundations for the operational cybersecurity
>>     ecosystem. Just like we need infrastructure in areas like
>>     Meteorology to understand and predict the weather we need
>>     operational cybersecurity science infrastructure to understand and
>>     predict events in our cyber ecosystem of the future.
>>
>>     The paper can be downloaded from LinkedIn's Slideshare.
>>     http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem
>>
>>     Best,
>>     Shawn
>>
>>     Shawn Riley
>>     Executive Vice President
>>     Centre for Strategic Cyberspace + Security Science
>>     London, England, UK - Washington, DC, USA
>>
>>
>
> Op deze e-mail zijn de voorwaarden van toepassing als vermeld op:
> The following conditions apply to this e-mail:
> http://www.hsleiden.nl/disclaimer-email
>


signature.asc (888 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] Re: REMOVE ME FROM THIS MAILINGLIST PLEASE

Trey Darley-3
In reply to this post by Walsh, Michael J.



Cheers,
Trey
--
Trey Darley
Senior Security Engineer
Soltra | An FS-ISAC & DTCC Company
www.soltra.com



From: [hidden email] <[hidden email]> on behalf of Walsh, Michael J. <[hidden email]>
Sent: Tuesday, September 29, 2015 18:18
To: Shulman, Gil; Yilmaz, Mustafa; Shawn Riley
Cc: [hidden email]
Subject: [cti-users] Re: REMOVE ME FROM THIS MAILINGLIST PLEASE
 



Let me send out the reminder.  You're not done if steps 1-3 don't work cuz you are short of step 4.

-Michael
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[cti-users] Re: Research Paper

Shawn Riley
In reply to this post by Shawn Riley
Hi Folks, 

Just wanted to do a quick follow up on this given the ongoing discussions about RDF and JSON-LD. It's worth pointing out that "Activity-based intelligence" which is being hailed by DNI Clapper as "Revolutionary" is enabled by RDF.  Do a search for "Activity-based intelligence" and look at the job opening and specifically the skills/technology sections of the job advertisement. 

Shawn

On Tue, Sep 29, 2015 at 8:58 AM, Shawn Riley <[hidden email]> wrote:

Hi folks-

In addition to the request for more information about knowledge engineering and semantic web technology, I had quite a few requests for additional information on another key focus of the CSCSS Science of Cybersecurity paper, Activity-Based Intelligence. The following articles and slide decks from the Defense and Intelligence Community might provide some additional information and insights to help understand why we wanted to show how this could be applied to cybersecurity to advance cyber intelligence analysis tradecraft and better enable organizations to understand the cybersecurity of their ecosystem. (This is the last follow up, there were just to many people with questions on this topic not to send a wider response.)

Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis

http://ndupress.ndu.edu/Media/News/NewsArticleView/tabid/7849/Article/581866/jfq-77-activity-based-intelligence-revolutionizing-military-intelligence-analys.aspx

DIA Modernizing Defense Intelligence: Object-Based Production and Activity-Based Intelligence

https://www.ncsi.com/diaid/2013/presentations/johnston.pdf

NGA Activity Based Intelligence slide deck

http://usgif.org/system/uploads/3357/original/ABI_Slides_Approved_for_Public_Release_13-231_1_.pdf

Activity Based Intelligence: Understanding the Unknown

http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf

Those looking for my CSCSS Science of Cybersecurity paper, the paper can be downloaded from:

LinkedIn's Slideshare: 
http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem 

or from the CSCSS web site:
http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf

or from ResearchGate:
https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem

Best regards,

Shawn


On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:
Hi Folks,

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

The paper can be downloaded from LinkedIn's Slideshare.

Best,
Shawn

Shawn Riley
Executive Vice President
Centre for Strategic Cyberspace + Security Science
London, England, UK - Washington, DC, USA



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: [cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

Diego Sappa
In reply to this post by Man Nguyen
Please Remove me from this mailing list.



From: [hidden email]
To: [hidden email]; [hidden email]; [hidden email]
CC: [hidden email]
Date: Tue, 29 Sep 2015 16:20:25 +0000
Subject: [cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

Me three please.

 

Man

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Shulman, Gil
Sent: Tuesday, September 29, 2015 6:29 AM
To: Yilmaz, Mustafa <[hidden email]>; Shawn Riley <[hidden email]>
Cc: [hidden email]
Subject: [cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

 

Me too please

 

From: [hidden email] [[hidden email]] On Behalf Of Yilmaz, Mustafa
Sent: Tuesday, September 29, 2015 4:03 PM
To: Shawn Riley <[hidden email]>
Cc: [hidden email]
Subject: [cti-users] REMOVE ME FROM THIS MAILINGLIST PLEASE

 

Hi,

 

Could you remove me from this mailinglist please?

Met vriendelijke groeten,

 

s1075935 - Mustafa Yilmaz

 

 

 

Op 29 sep. 2015, om 14:58 heeft Shawn Riley <[hidden email]> het volgende geschreven:

 

Hi folks-

In addition to the request for more information about knowledge engineering and semantic web technology, I had quite a few requests for additional information on another key focus of the CSCSS Science of Cybersecurity paper, Activity-Based Intelligence. The following articles and slide decks from the Defense and Intelligence Community might provide some additional information and insights to help understand why we wanted to show how this could be applied to cybersecurity to advance cyber intelligence analysis tradecraft and better enable organizations to understand the cybersecurity of their ecosystem. (This is the last follow up, there were just to many people with questions on this topic not to send a wider response.)

Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis

http://ndupress.ndu.edu/Media/News/NewsArticleView/tabid/7849/Article/581866/jfq-77-activity-based-intelligence-revolutionizing-military-intelligence-analys.aspx

DIA Modernizing Defense Intelligence: Object-Based Production and Activity-Based Intelligence

https://www.ncsi.com/diaid/2013/presentations/johnston.pdf

NGA Activity Based Intelligence slide deck

http://usgif.org/system/uploads/3357/original/ABI_Slides_Approved_for_Public_Release_13-231_1_.pdf

Activity Based Intelligence: Understanding the Unknown

http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf

Those looking for my CSCSS Science of Cybersecurity paper, the paper can be downloaded from:

LinkedIn's Slideshare: 
http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem 

or from the CSCSS web site:
http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf

or from ResearchGate:
https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem

Best regards,

Shawn

 

On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:

Hi Folks,

 

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

 

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

 

The paper can be downloaded from LinkedIn's Slideshare.

 

Best,

Shawn

 

Shawn Riley

Executive Vice President

Centre for Strategic Cyberspace + Security Science

London, England, UK - Washington, DC, USA

 

 

 

Op deze e-mail zijn de voorwaarden van toepassing als vermeld op:
The following conditions apply to this e-mail:
http://www.hsleiden.nl/disclaimer-email

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: [cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

Terry MacDonald-3

Hi Diego,

 

You are able to remove yourself from this email list.

 

1.       PLEASE do NOT send a message to the list itself!  PLEASE!

 

2.       Instead, send an email message to the mailing list server[hidden email]

 

3.       The server will respond to your message with a request for confirmation: when you receive it, reply to that email message

 

4.       If the instructions above are unclear, or if steps 2-3 seem to fail, please email (offline, without any CC to the list): [hidden email]

 

Cheers

 

Terry MacDonald

Senior STIX Subject Matter Expert

SOLTRA | An FS-ISAC and DTCC Company

+61 (407) 203 206 | [hidden email]

 

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Diego Sappa
Sent: Tuesday, 3 November 2015 7:48 AM
To: [hidden email]
Subject: RE: [cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

 

Please Remove me from this mailing list.


From: [hidden email]
To: [hidden email]; [hidden email]; [hidden email]
CC: [hidden email]
Date: Tue, 29 Sep 2015 16:20:25 +0000
Subject: [cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

Me three please.

 

Man

 

From: [hidden email] [[hidden email]] On Behalf Of Shulman, Gil
Sent: Tuesday, September 29, 2015 6:29 AM
To: Yilmaz, Mustafa <[hidden email]>; Shawn Riley <[hidden email]>
Cc: [hidden email]
Subject: [cti-users] RE: REMOVE ME FROM THIS MAILINGLIST PLEASE

 

Me too please

 

From: [hidden email] [[hidden email]] On Behalf Of Yilmaz, Mustafa
Sent: Tuesday, September 29, 2015 4:03 PM
To: Shawn Riley <[hidden email]>
Cc: [hidden email]
Subject: [cti-users] REMOVE ME FROM THIS MAILINGLIST PLEASE

 

Hi,

 

Could you remove me from this mailinglist please?

Met vriendelijke groeten,

 

s1075935 - Mustafa Yilmaz

 

 

 

Op 29 sep. 2015, om 14:58 heeft Shawn Riley <[hidden email]> het volgende geschreven:

 

Hi folks-

In addition to the request for more information about knowledge engineering and semantic web technology, I had quite a few requests for additional information on another key focus of the CSCSS Science of Cybersecurity paper, Activity-Based Intelligence. The following articles and slide decks from the Defense and Intelligence Community might provide some additional information and insights to help understand why we wanted to show how this could be applied to cybersecurity to advance cyber intelligence analysis tradecraft and better enable organizations to understand the cybersecurity of their ecosystem. (This is the last follow up, there were just to many people with questions on this topic not to send a wider response.)

Activity-Based Intelligence: Revolutionizing Military Intelligence Analysis

http://ndupress.ndu.edu/Media/News/NewsArticleView/tabid/7849/Article/581866/jfq-77-activity-based-intelligence-revolutionizing-military-intelligence-analys.aspx

DIA Modernizing Defense Intelligence: Object-Based Production and Activity-Based Intelligence

https://www.ncsi.com/diaid/2013/presentations/johnston.pdf

NGA Activity Based Intelligence slide deck

http://usgif.org/system/uploads/3357/original/ABI_Slides_Approved_for_Public_Release_13-231_1_.pdf

Activity Based Intelligence: Understanding the Unknown

http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL_FALLWINTER2013_Vol20_No2.pdf

Those looking for my CSCSS Science of Cybersecurity paper, the paper can be downloaded from:

LinkedIn's Slideshare: 
http://www.slideshare.net/shawnriley2/cscss-science-of-security-developing-scientific-foundations-for-the-operational-cybersecurity-ecosystem 

or from the CSCSS web site:
http://cscss.org/wp-content/uploads/2015/08/CSCSS-Science-of-Security-Developing-Scientific-Foundations-for-the-Operational-Cybersecurity-Ecosystem.pdf

or from ResearchGate:
https://www.researchgate.net/publication/280949461_Science_of_Cybersecurity_-_Developing_Scientific_Foundations_for_the_Operational_Cybersecurity_Ecosystem

Best regards,

Shawn

 

On Sun, Aug 23, 2015 at 7:43 AM, Shawn Riley <[hidden email]> wrote:

Hi Folks,

 

Back in 2012 when STIX was released, the white paper included a mention of other possible implementations such as semantic web (OWL/RDF) and JSON-centric. We've had Bret share details on his JSON efforts with the list so I wanted to take the opportunity to share our research paper on using semantic web technologies (OWL/RDF) with the group. This isn't marketing as there is no company or product mentioned. Rather, we're just sharing knowledge based on our international research efforts. Given the ongoing debate over XML vs JSON, we thought it would also be good to show how both of these could be supported using the semantic technology approach. 

 

In many ways our research "connected the dots" between existing cybersecurity efforts across different government agencies that have been identified by the government as the way forward. From the Science of Security championed by National Security Agency and National Science Foundation, to the Cybersecurity Measurement and Management Architecture championed by the Department of Homeland Security and the Department of Defense, and the revolutionary intelligence methodologies (object-based production / activity-based intelligence) championed by the Intelligence Community and particularly the National Geospatial-Intelligence Agency.

 

While each of these cybersecurity and intelligence efforts can stand on its own and provide great benefit, bringing these efforts together demonstrates how each agency's investments can see a greater return on investment by working together to develop scientific foundations for the operational cybersecurity ecosystem. Just like we need infrastructure in areas like Meteorology to understand and predict the weather we need operational cybersecurity science infrastructure to understand and predict events in our cyber ecosystem of the future.

 

The paper can be downloaded from LinkedIn's Slideshare.

 

Best,

Shawn

 

Shawn Riley

Executive Vice President

Centre for Strategic Cyberspace + Security Science

London, England, UK - Washington, DC, USA

 

 

 

Op deze e-mail zijn de voorwaarden van toepassing als vermeld op:
The following conditions apply to this e-mail:
http://www.hsleiden.nl/disclaimer-email

Loading...