Cyber Security Work at OMG - Task Force Levels

A Summary of the 2021 UAF Summit including Q&A with the presenters.

An Enterprise Architecture (EA) Guide is being developed to become part of the UAF standard to help people better utilize features of the UAF modeling approach.

The Department of Veterans Affairs (VA) is in the process of migrating from a legacy EHR to the same COTS EHR currently being rolled out by the Department of Defense (DoD). To support this multi-billion dollar, multi-year program, VA is using the UAF as a standardized architecture framework to facilitate architectural collaboration across a diverse set of program stakeholders. The presentation discusses the approach and some of the lessons learned in this endeavor. Recorded at the UAF Summit March 24, 2021

This presentation features introduction to the event and introduction to Unified Architecture Framework (UAF), its purpose, adoption, and the roadmap. It highlights what's new in the upcoming UAF 1.2 version and presents different threads the UAF Working Group in OMG is currently working on like Enterprise Architecture Guide (EAG) and Architecture Reference Model (ARM).

The Autonomous Ground Vehicle Reference Architecture (AGVRA) is a set of guidelines to enable the robotics community to fulfill the Army’s Robotic and Autonomous System (RAS) commonality objectives by establishing an affordable means to deliver advanced capability to the Warfighter by utilizing architectural best practices and standards. It broadly increases the understanding of open standards and architectures for RAS and increases innovation by reducing the integration burden on nontraditional vendors. This presentation looks at generating operational architecture models at and within the system level using agents within a reference architecture approach. A profile was created on top of the UAF to enable the specification of the architecture in a Domain Specific Language (DSL). Project application discussion included.

The presentation describes the concept of electric roads to allow heavy haulage to get driving power directly from the road in the form of electricity. An architecture model for such roads has been prepared using UAF. It describes how the effects of such roads can be handled as part of the architecture model and how various services might be used to facilitate the uptake of trucks that utilize electric roads. It also describes the intended simulation of power consumption on an electric road that is being subjected to different traffic scenarios from heavy haulage and can be used (when completed) to test a number of different traffic scenarios and its impact on electricity requirements.

Deloitte is the largest professional services company in the world, and an industry leader in digital transformation, providing strategic advice to government agencies and industry partners alike on how to digitize operations, how to evolve the workforce to work in the new digital environment, and how to incentivize the workforce to engage with a newly digital ecosystem.

Recently, Deloitte supported a Program Executive Office (PEO) at a major defense agency to produce a digital engineering campaign focused on accelerating workforce adoption and application of MBSE and MOSA within the agency, while also evolving the organization’s existing Information Technology (IT) infrastructure to provide the capacity for integrated digital threads, and to establish governance and policy structures. And to further show the PEO’s commitment to digital transformation, the Deloitte team collaborated with the government to produce a campaign plan model, which captured how organizational capabilities evolve as a result of the completion of Digital Engineering projects and initiatives over a 3 to 5 year time horizon.

This presentation will provide an overview of how the combined Deloitte and government teams used the Unified Architecture Framework (UAF) profile of the Systems Modeling Language (SysML) to create a model of the PEO’s organizational capability, and its evolution over the life of the Digital Engineering campaign.

Major General Crider will discuss why the USSF must become a Digital Service, what that will look like, and the plan for realizing that Vision. This session will wrap up with a 15 minute Q&A. Recorded live at the UAF Summit on March 24, 2021

Object Management Group is a non-profit organization dedicated to advancing technology through participation across member companies. Now over thirty years old, OMG began as a standards development organization, publishing standards such as CORBA and UML. With over 225 specifications to its name OMG has continued to develop technologies through membership communities. The Industrial Internet Consortium (IIC) established seven years ago, and Digital Twin Consortium last year. These programs focus on particular technical and business aspects of various technology enablers, developing technologies and best practices to bring back to member companies.

Other communities formed by OMG include BPM+ Health, Consortium for Information & Software Quality, and the DDS Foundation. This webinar will explore opportunities for collaboration between OMG programs. For example, controlling multiple sensors from different vendors is ripe for standardization; digital twins are a technology enabler for the industrial internet. Member companies in one program frequently have an interest in others, so we offer limited cross-program participation.

Bill Hoffman, President of OMG, will be joined by each program’s chief technical officer for a brief overview of each organization followed by a panel discussion and Q&A session. Please join the webinar to learn more about how you can accrue value from OMG and its programs.

FIGI® (Financial Instruments Global Identifier®) is an open standard for the issuance of unique identifiers that can be assigned to financial instruments including common stock, options, derivatives, futures, corporate and government bonds, municipals, currencies, and mortgage products.
Kaiko has been approved as Certified Provider of FIGI for crypto assets, working under the auspice of the Object Management Group and alongside Bloomberg, to expand the open data standard to blockchain-based digital assets.
Many market information providers, securities exchanges and third-party applications have adopted the FIGI in their market data feeds. Doing so allows their customers to have a coherent view of market data across multiple providers and applications, so that customers are not obligated to build their own mapping systems to match up disparate instrument identifiers.

Crypto FIGIs
With the continuing growth in the creation, use, and trade of digital assets, there is a need to bring greater standardization to the sector. FIGIs for crypto assets will enable interoperability, transparency, and greater efficiency between industry participants such as digital asset exchanges, data aggregators, custodians of digital assets, service providers, and regulators.
Importantly, the FIGI standard will be compatible with and complement alternative standards. Each instrument assigned a FIGI may also be tied to an International Securities Identification Number (ISIN) or other identifiers, such as ISO’s future Digital Transaction Identifier (“DTI”).

Cloud Computing often raises or complicates the question of how customers can recover the direct costs and indirect losses resulting from an outage or a data breach. The objective of this Discussion Paper is to explain the role Cyber Insurance contracts play in mitigating those consequences, and the challenges of assessing the risk and the damage – especially to intangible assets.
Cyber Insurance (CI) is evolving in response to user demands. In particular, a new form of contract – parametric insurance – has been introduced to overcome some of the limitations of traditional indemnity insurance. This paper explains how this paves the way toward the future state of CI.
The paper covered the following topics:
• What is Cyber Insurance?
• The impact of intangible assets
• The impact of cloud services
• Risk assessment
• The future of Cyber Insurance
• Standards needed for Cyber Insurance

The co-authors of this important discussion paper will present their work and take questions

The Object Management Group is exploring potential issues and opportunities for standardization across the world of distributed ledger (DLT) and Blockchain ecosystems. One area of interest is ‘self-sovereign’ identity (SSID), where we see potential for standardization for a new kind of ‘Disposable’ SSID. These are context-specific or ephemeral identities, framed in terms of the existing W3C DID standard for SSIDs but with additional requirements for limited, context-specific usage.
The OMG believes that this requirement may benefit from the development of a standard and has released a ‘Request for Information’ (RFI) seeking information from industry and interested parties on the overall SSID space and the challenges of dealing with contextual and short-term identity requirements, privacy and data usage issues etc., in order to establish whether there is a potential need for a standard in this area.
The date for comments to be received on this is 31 March 2021.
At this webinar we will present the insights we have gained so far on Disposable SSIDs and potential solutions, so we can communicate a clear sense of what we are trying to learn and the range of responses we are seeking.

The Object Management Group is soliciting proposals in the form of potential standards for a class of distributed messaging applications that may be deployed in Distributed Ledger Technology (DLT), Blockchain, IPFS, distributed file systems and other Distributed Immutable Data Objects (DIDO) ecosystems. To this end we have released a ‘Request for Proposals’ for Linked Encrypted Transaction Streams (LETS).
A LETS standard would define methods for encrypting and linking transactions into ordered structures, or streams, with controls over who can access that information, in a way that is independent of any underlying Blockchain or DLT protocol. The business motivation for this is to support contextual messaging for improved business workflows and IoT data access control.
The full request and details on how to respond can be found in the Linked Encrypted Transaction Streams (LETS) RFP (https://www.omg.org/cgi-bin/doc.cgi?mars/20-12-22.) The deadline to submit a letter of intent is February 9, 2021 and the initial submission deadline is May 17, 2021. The RFP is open to the public.
At this webinar we will present details about the problem we are aiming to address, the kind of responses we are looking for, guidelines on the use of existing standards in submissions and examples of applications that would reflect the potential new standard.

Want to know which new specs have been approved? Interested in helping to influence the direction of new standards? Curious what's on the agendas for the March 2021 meeting? Join us in this webinar for an overview of recently approved specifications, learn where you can participate on open work in progress, see what's being discussed in the task forces and how you can get involved.
Home to some of the world's foremost ontologists and creators of the most popular software modeling and systems engineering standards, OMG has been setting the standards since 1989. OMG's proven process has earned the ISO Fast-Track/PAS submitter status. Learn what's happening with the standards that power your business!

DDS as an enabler for armoured fighting vehicle equipment and systems integration.
In service and future defense vehicle systems comprise an increasing range of attached equipment and systems. These require frequent refresh and addition to mitigate emerging threats and maintain operational edge.
This seminar will introduce the use of DDS as a key element of the UK and NATO Generic Vehicle Architecture (GVA) standard. The GVA standard uses DDS to assure modularity and delamination of vehicle system elements and to underpin data standards for vehicle information. These in turn reduce the equipment needed and effort required to integrate existing and new platform elements.
The seminar will explain the use of DDS using production examples as a key part of the GVA to provide platform management systems, and further up the value chain to platform mission systems and extensions to secondary platforms such as unmanned ground vehicles.

Want to know which new specs have been approved? Interested in helping to influence the direction of new standards? Curious what's on the agendas for the September meeting? Join us in this webinar for an overview of recently approved specifications, learn where you can participate on open work in progress, see what's being discussed in the task forces and how you can get involved.
Home to some of the world's foremost ontologists and creators of the most popular software modeling and systems engineering standards, OMG has been setting the standards since 1989. OMG's proven process has earned the ISO Fast-Track/PAS submitter status. Learn what's happening with the standards that power your business!

Internet-connected devices, from point-of-sale payment devices such as signature scanners, to audit-logging devices such as printers and cash dispensers, have dramatically increased retail industry security threats. New threats are constantly emerging, and attackers are becoming more capable and organized. At the same time, compliance requirements for security and data protection are becoming more stringent. Retail organizations are rightly concerned about developing robust security and data protection plans.

Retail establishments need to take a structured, top-down approach toward setting goals and a means to assess the current security state, trading off investment against risk in a sensible manner. This webinar takes concepts identified in the IIC Industrial Internet Security Framework and the IoT SMM Practitioner’s Guide and will help retail organization stakeholders determine their security needs. First, business stakeholders use the model to define security goals and objectives tied to risks. Then, technical teams within the retail organization, or third-party assessment vendors, map these objectives into tangible security techniques and capabilities, and identify an appropriate target security maturity level.

Attendees will learn how to match their investment with their security needs as they migrate their point-of-sale devices within the IOT world.

Robocars will make life better and more efficient. But autonomous vehicles (AVs) that do everything drivers can do are still years or even decades away. And since operation with nobody in the car is critical for economic viability, we need a way to help the AV with “corner cases”. The best way to enable AVs sooner is to use human operators to suggest strategies when the vehicle gets stuck. That requires vehicle fleets to have control rooms. This session will examine the potential and challenge of practical teleoperation, including combining assistance strategies, control-center design, cloud computing, and 5G connectivity. It will also consider the architecture required to connect in-vehicle control and remote oversight. These systems should not be designed independently. AVs need a consistent architecture for the vehicle, control center, and cloud.