In part 1 of the Cyber Security and Semantics series we discussed some of the highlights of how or where semantics may help transform the practice of Cyber Security. To understand the full implications of why Semantics and Semantic Technology is so crucial for Cyber Security we need to examine more of the problem space associated with.

Cyber Security can be viewed in a number of different contexts and each of them are equally valid in their right – these contexts include:

–    The Process Context
–    The Capability Context
–    The Behavioral Context
–    A System or Technical Context
–    The Threat and Outcome Context

For those familiar with IT security practice, the Information Technology Infrastructure Library or ITIL framework represents a process context with some emphasis on capabilities and technology. For those who have to design and manage data centers, the ITIL reference model and process library helps to ensure that standard practices and architectures can be applied. As ITIL has evolved it has expanded into a more comprehensive lifecycle management approach for IT services. It has been used as a guidepost for many software and hardware vendors who have used it to improve data interoperability and product integration.
ITIL v.3
 
 
 

Information Assurance (IA) on the other hand, is somewhat less specific in nature. It is more Capability Focused and is built around the core premises of:

–    Confidentiality
–    Integrity
–    Availability
–    Authentication
–    Authenticity
–    Non-repudiation
Information Assurance
 
 
 

This translates roughly into a reference architecture which is sometimes called “NETOPS” in military circles. NETOPS generally includes Situational Awareness, Command and Control as well as traditional network and communication infrastructure management. As in all cases in IT – the upper level taxonomy drives the technical architectures for all systems that fit within those capability categories. Change the taxonomy or expectations at the top and it drives significant technical impacts rippling down through the rest of the ecosystem – just as changing data forces system changes. At least that’s how it works today without a strong focus on Semantic Engineering and Integration.

The thing to keep in mind here is that all of these constructs and many others can be modeled using a variety of semantic tools or techniques. The ITIL library began as a taxonomy, Information Assurance could be captured as an Ontology or even RDF triple graphs. These basic semantic constructs can then fed into any number of enterprise architecture framework representations. These then can serve as the basis for more specific guidance on requirements, policy or even technical configurations.

So, as we’ve seen from even a cursory look at the Semantic underpinnings of IT security practice, there is a variety of ways to view or manage it. As you delve deeper, the variety extends into literally hundreds of different directions, although most of fits with the basic high-level contexts we described at the beginning.

Why is all of this important? The most difficult part of Cyber Security is the fact that we’ve finally recognized that we’re all in the same boat metaphorically, and perhaps literally – Cyber Security forces us to move towards Cross-Domain solutions. We can no longer manage one enclave at a time – threats and Cyber attack behaviors now extend beyond traditional firewall perimeters to include ‘sets’ of targets and this can occur over time or in real time or both.

This means we need to be able merge existing security models to achieve coordinated and collaborative solutions. ITIL based systems and practices must interact with non-ITIL based systems and practices and all must operate under a more sophisticated model for Threat Management. 

In part three, we will define Threat Management and explain why Semantic Technology is the best available approach to support it…