Duncan Sparrell

Award winning (US Intelligence Community Seal Medallion, AT&T Science & Technology Medal) cybergeek; Chief Cyber Curmudgeon at sFractal Consulting

Responding to Cyber Attack at Machine Speed

Cyber-attacks are increasing in terms of sophistication, speed and dynamics. Advanced cyber actors (and even script kiddies) are utilizing automation with adaptive tradecraft and these trends are likely to continue. A key enabler for the realization of more flexible and interoperable cyber defense components is standardizing interfaces & protocols to facilitate interoperability and integration. OpenC2.org was founded to standardize machine-to-machine command & control (openC2) to enable cyber defense system interoperability at machine speeds. The author believes that there is an economic driver for adoption even prior to automated defense, ie that having a standard interface to perform security command & control avoids the vendor lock-in that results from today’s proprietary interfaces.

Ocas is an open source openC2 simulator developed in erlang by the author for:

  • Validating the openC2 language specification,
  • Simulating an openC2 interface for the purpose of testing a product which produces openC2,
  • Simulating an enclave/network from an openC2 orchestrator perspective for the purposes of evaluating a playbook (automated response to particular trigger) from either the blue-team or red-team perspective.

The talk will begin with the problem openC2 is trying to solve and a review of openC2, its use cases, and current status. Then a case will be made for why erlang is the right language for developing security applications. Ocas will be described including use cases, the design choices made in ocas development, the software architecture and code base. The talk will end with a live demo.

Talk objectives:

This talk aims to:

  • educate everyone (at least a little bit) in cybersecurity,
  • explain why erlang is great for developing cybersecurity software,
  • introduce the concepts of openC2 (how to respond to attack in near realtime),
  • introduce ocas - an open source openC2 simulator in erlang,
  • an unabashed plea for help both with cybersecurity in general and ocas in particular - and why the erlang community will benefit

Target Audience:

This talk is aimed at developers of cybersecurity technologies and at enterprise network operators; but should have something for everyone.

View Slides Here


Duncan Sparrell is a seasoned (aka old) software developer and network security evangelist. He graduated back when computers were the size of buildings and programmed with punch cards. He is semi-retired and trying to give back to the community while pursuing his interests in cloud security, agile, secure software development, and erlang. Most of his cyber experience is blue team (defense) but he kick-started his cyber chops as part of a CNA (offense) team during first Gulf War. Besides having various certs (CSSIP, CSSLP, CCSK, PE), he was awarded the Intelligence Community Seal Medallion, and the AT&T Science and Technology Medal. His PGP fingerprint is "A870 5F67 00F9 D3FC ECD1 2D97 2A42 E870 6A4E EC12".

Twitter: @dsparrell
Github: sparrell