CYBERSECURITY RESEARCH
Advancing cybersecurity with strategic partnerships
Fundamental understanding of Industrial Controls, Internet of Things, Embedded Systems, and sensor technologies, and the associated security and operational requirements they present.
- Automated Threat Detection and Response for Control Systems
- Cybersecurity Standards Development
- Predictive Threat Modeling of GIS Data
- Supply Chain Trust
- Critical Infrastructure Resiliency
Recent Projects
CYBERSECURITY STANDARDS
Experts in STIX, TAXII, OpenC2 and others
Structured Threat Information Expression (STIX™)
- New Context is one of the foremost authorities on the STIX standard.
- Our research team has developed STIX extensions for utility protocols such as Modbus/TCP, DNP3, and IEEE 16805/GOOSE.
- We are the co-authors of the STIX patterning language.
Trusted Automated Exchange of Intelligence Information (TAXII™)
- New Context is an authority on STIX and TAXII.
- We have supported TAXII since its charter within OASIS in 2015.
- Many of our research projects include the use of threat intelligence platforms with TAXII cyber threat intelligence feeds.
Open Command and Control (OpenC2)
OpenC2 is a standardized language for the command and control of technologies that provide or support cyber defenses. By providing a common language for machine-to-machine communication, OpenC2 is vendor and application agnostic, enabling interoperability across a range of cyber security tools and applications.
Collaborative Automated Course of Action Operations (CACAO) for Cyber Security
CACAO TC members are developing a standard to implement the course of action playbook model for cybersecurity operations. In order to defend against cyber threats, organizations must manually identify, create, and document the prevention, mitigation, and remediation steps that, together, form a course of action playbook.
OCA is building an open ecosystem where cybersecurity products interoperate without the need for customized integrations. Using community-developed standards and practices, we’re simplifying integration across the threat lifecycle.

One of the most respected, non-profit standards bodies in the world, OASIS Open offers projects—including open source projects—a path to standardization and de jure approval for reference in international policy and procurement.
CONSULTING AND MANAGEMENT EXPERTISE
Facilitators Across Organizations
Beyond the Technical
Creative Problem Solvers
Many Talented Experts
Executive Level Delivery
From Our Blog
11 Characteristics of Advanced Persistent Threats (APTs) That Set Them Apart
Advanced persistent threats, or APTs, are groups of people—cybercrime organizations, [...]
Data Security Best Practices: Tips for Any Size Organization
No matter how large or small your organization is, the [...]
Establishing a Cyber Security Culture: The Balance Between Trust and Risk
A cyber security culture stems from how an organization communicates [...]
5 Ways to Stop a Ransomware Attack
The 1920s—often referred to as the “Roaring Twenties”—produced some key [...]
How to Stop a DDoS Attack Before It Happens
For any business that primarily interacts and does transactions with [...]
Balancing Risk in CIA Triad Availability
The CIA triad's availability component breaks down to risk management. [...]