BC Track: DODCAR Overview: Standardizing and Automating Cyber Threat Understanding for Threat-based, Cybersecurity Assessments
Borderless Cyber Track (BC), Holeman Lounge
Oct 08, 2019 01:45 PM - 02:15 PM (UTC)
Borderless Cyber USA / Washington, D.C. / 8-10 October 2019 / events@oasis-open.org

The DoDCAR performs threat-based cybersecurity architecture assessments to ensure DoD leadership has the insight and knowledge to make well-informed, prioritized cybersecurity investment decisions to enable dependable mission execution in the unclassified and classified environments. This approach establishes a threat-based, analysis-driven, repeatable process to synchronize and balance cybersecurity investments, minimize redundancies, eliminate inefficiencies, and improve all-around mission performance. The DODCAR framework provides a foundation for automation through a data standardization and tagging framework used to develop analytics and machine learning in cybersecurity.


This talk will provide an overview and deeper understanding of the DODCAR methodology and its objectives, and will lay a foundation for data standards and tagging to help the whole cybersecurity community better understand cyber threat.




The Department of Defense Cybersecurity Analysis and Review (DoDCAR) is sponsored by the Department of Defense (DoD) Chief Information Officer (CIO) Deputy CIO for Cybersecurity, the National Security Agency (NSA) Deputy National Manager for National Security Systems, and the Defense Information Systems Agency (DISA) Director. DoDCAR performs threat-based cybersecurity architecture assessments to ensure DoD leadership has the insight and knowledge to make well-informed, prioritized cybersecurity investment decisions to enable dependable mission execution in the unclassified and classified environments. DODCAR objectives are twofold:

  • Support the Cybersecurity Reference Architecture for the DOD Information Networks (DODIN) based on an end-to-end, holistic, threat-based review of current and planned cybersecurity capabilities

  • Provide observations, affirmations and prioritized recommendations focused on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) functions, such as Identify, Protect, Detect and Respond


The DODCAR approach establishes a threat-based, analysis-driven, repeatable process to synchronize and balance cybersecurity investments, minimize redundancies, eliminate inefficiencies, and improve all-around mission performance. This approach also provides the insight and knowledge necessary to support effective, prioritized, and integrated cybersecurity capability investments. The end goal of the DODCAR methodology is to discuss cybersecurity within the framework in a way everyone can understand, regardless of technical background or level of expertise. Communication of a threat prior to DODCAR is often explained through the Godzilla analogy: architects and engineers looking at Godzilla from the lower floors of the building see feet, system administrators see knees, and so on up to the operators and executives, who just see the teeth. Because IT network engineers see and fear things differently than operators and users, these differing perspectives make the discussion of cyber threat and potential solutions quite difficult.


The standardization of cyber data is a prevailing problem because we buy technologies that are not standardized. Metadata and data tags have been initially normalized through efforts like OASIS' STIX/TAXII. This, however, offers only a low-level view of data normalization: we still cannot talk about threat holistically from a single perspective, and we do not have a standard framework to view cyber threat. Data governance, through NIST and Department of Defense (DoD)-wide implementation policies, is currently being established to ensure the normalization of cyber data. This normalization will become the foundation for us to look at big data and to create analytics and machine learning from the government's perspective.


Key take-aways:

  • To provide an overview and deeper understanding of the DODCAR methodology and its objectives
  • To lay a foundation for data standards and tagging to help better understand cyber threat for the whole cybersecurity community