Chief Cyber Curmudgeon (SFractal Consulting)
Duncan Sparrell is a seasoned (aka old) software developer and network security evangelist. He graduated back when computers were the size of buildings and programmed with punch cards. He is semi-retired and trying to give back to the community while pursuing his interests in cloud security, agile, secure software development, open source, and Erlang. Most of his cyber experience is blue team (defense), but he kick-started his cyber chops as part of a USAF attack team during the first Gulf War. Besides having various certs (CISSP, CSSLP, CCSK, PE), he was awarded the Intelligence Community Seal Medallion and the AT&T Science and Technology Medal.
This presentation will be about the intersection of 3 topics I care deeply about: Erlang, Cybersecurity, Open Source; and how those topics are combined in OpenC2, a new standard being developed for Command and Control (C2) for cyber security technologies.

Cyber-attacks are increasing in terms of sophistication, speed and dynamics. Advanced cyber actors (and even script kiddies) are utilizing automation with adaptive tradecraft, and these trends are likely to continue. A key enabler for the realization of more flexible and interoperable cyber defense components is standardizing interfaces and protocols to facilitate interoperability and integration. The OpenC2 Technical Committee in OASIS was founded to standardize machine-to-machine command and control (OpenC2) to enable cyber defense system interoperability at machine speeds.

Ocas is an open source OpenC2 simulator developed in Erlang by the author for:

• Validating the OpenC2 language specification
• Simulating OpenC2 interfaces for the purpose of testing a product which produces OpenC2
• Simulating an entire network of security devices from an OpenC2 perspective for the purposes of evaluating a playbook (automated response to a particular trigger) from either the blue-team or red-team perspective
• Code reuse by other open source security projects (e.g. an OpenC2 interface to your favorite security technology)

The talk will begin with the problem OpenC2 is trying to solve and a review of OpenC2, its use cases, and current status. Then a case will be made for why Erlang is the right language for developing security applications. Ocas will be described, including use cases, the design choices made in ocas development, the software architecture and code base, and next steps; the talk will end with a live demo.