Threats and risks are increasingly multi-dimensional in nature, spanning both physical and cyber space across multiple domains (i.e., critical infrastructure, cyber, health and human services, public safety).
There is a critical need to share threat and risk information across these domains. A community of interest (COI) with standards can help spearhead the integration of threat & risk management and situational awareness along with the standards, technologies and capabilities to counter multi-dimensional threats.
Threat information sharing enables system engineers and architects to build systems-of-systems that implement and leverage the capabilities to share threats (and potentially actual attacks) across different organizations, IT systems and standards. To enable threat sharing across different protocol platforms and systems, a platform-independent model of threats is needed for establishing a common understanding.
The Object Management Group® (OMG®) System Assurance Task Force, in collaboration with the Government Domain Task Force, has issued a Request for Proposal (RFP) for a Unified Modeling Language (UML®) Threat & Risk Model. The RFP called for a conceptual model for operational threats and risks that unifies the semantics of, and can provide a bridge across, multiple threat and risk schemas and interfaces. The conceptual model will be informed by high-level concepts as defined by the cyber domain (e.g., STIX), existing NIEM domains and other applicable domains, but is not specific to those domains. This will enable combined cyber, physical, criminal, and natural threats and risks to be federated, understood, and responded to effectively. The conceptual model will then be mapped to multiple exchange schemas to provide for federated analytics of information from multiple sources as well as translation between exchange formats.
Implementations of this standard will “connect the dots” between disparate information sources and translate between different formats and vocabularies using standards-based solutions based on a common understanding of threats (and potentially actual attacks). These solutions will leverage their capabilities to share threats regardless of the technology, schema, organization or domain.