Cyber Threat Intelligence Sharing through National and Sector-Oriented Communities

Fransen, Frank; Kerkdijk, Richard

doi:10.4324/9781315397900-5

Cited by 5 publications

(6 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There is also a need for better intra and inter team communication tools ( Fransen and Kerkdijk, 2017 ). Current tools used as explained in the interviews, such as chat applications, phone calls and wikis, are often inadequate for updating shared awareness within the team, let alone between different teams, especially when there is a need for in-depth technical communication.…”

Section: Resultsmentioning

confidence: 99%

Computer Security Incident Response Team Effectiveness: A Needs Assessment

2017

View full text Add to dashboard Cite

Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would be likely to encounter problems. A needs assessment was done to see to which extent this argument holds true. We constructed an incident response needs model to assist in identifying areas that require improvement. We envisioned a model consisting of four assessment categories: Organization, Team, Individual and Instrumental. Central to this is the idea that both problems and needs can have an organizational, team, individual, or technical origin or a combination of these levels. To gather data we conducted a literature review. This resulted in a comprehensive list of challenges and needs that could hinder or improve, respectively, the performance of CSIRTs. Then, semi-structured in depth interviews were held with team coordinators and team members of five public and private sector Dutch CSIRTs to ground these findings in practice and to identify gaps between current and desired incident handling practices. This paper presents the findings of our needs assessment and ends with a discussion of potential solutions to problems with performance in incident response.

show abstract

Section: Resultsmentioning

confidence: 99%

Computer Security Incident Response Team Effectiveness: A Needs Assessment

2017

View full text Add to dashboard Cite

show abstract

“…The model allows the group of intelligence producers and consumers to share information [34]. Where private companies direct the source, this can be seen as controversial as they may be more interested in profit or competition with other providers [35].…”

Section: Cti Sharing Modelsmentioning

confidence: 99%

“…Noor et al [24] state that the hybrid model enables the best elements of both models, with Peer to Peer elements effectively collecting strategic CTI, while Hub and Spoke behaviour adds value to the raw CTI. The Hybrid model allows CTI from a central source to be shared with their peers [35], however, this could cause some issues for some proprietary platforms where the licensing only allows exclusive use by the subscriber and concerns around classification and source protection. This model could be useful for the energy sector, where feeds come from central government sources, with members being vetted before joining a community of sharers [6], while also facilitating timely peer sharing.…”

Section: Cti Sharing Modelsmentioning

confidence: 99%

Practical Cyber Threat Intelligence in the UK Energy Sector

Paice

McKeown

2023

Springer Proceedings in Complexity

View full text Add to dashboard Cite

The UK energy sector is a prime target for cyber-attacks by foreign states, criminals, 'hacktivist' groups and terrorists. As Critical National Infrastructure (CNI), the industry needs to understand the threats it faces to mitigate risks and make efficient use of limited resources. Cyber Threat Intelligence (CTI) sharing is one means of achieving this, by leveraging sector wide knowledge to combat ongoing mutual threats. However, being unable to segregate intelligence or to control what is disseminated to which parties, and by which means, has impeded industry cooperation thus far. The purpose of this study is to investigate the barriers to sharing and to add to the body of knowledge of CTI in the UK energy sector, while providing some level of assurance that existing tooling is fit for purpose. We achieve these aims by conducting a multivocal literature review and by experimentation using a simulated Malware Information Sharing Platform (MISP) community in a virtual environment. This work demonstrates that trust can be placed in the open-source MISP platform, with the caveat that the sharing models and tooling limitations are understood, while also taking care to create appropriate deployment taxonomies and sharing rules. It is hoped that some of the identified barriers are partially alleviated, helping to lay the foundations for a UK Energy sector CTI sharing community.

show abstract

“…Current Approach for Detecting Multi-Institutional Attacks. The main approach for handling multi-institution attacks currently is through sharing attack intelligence [14]. Cyber threat intelligence takes on many forms [14].…”

Section: Chapter 2 Related Workmentioning

confidence: 99%

“…Their networks are large, continuously changing, and there are a large number of attack attempts which overwhelms institution staff. They are also hesitant to share information [14] because:…”

Section: Chapter 2 Related Workmentioning

confidence: 99%

Soteria: An Approach for Detecting Multi-Institution Attacks

Zabarah

Naman

Salahuddin

et al. 2023

2023 26th Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)

View full text Add to dashboard Cite

Please read the Statement of Contributions for details. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners.I understand that my thesis may be made electronically available to the public. Statement of ContributionsThe results of this work are descirbed in a paper that is under review at the 26 th Conference on Innovation in Clouds, Internet and Networks. I am the first author of this work and it was done in collaboration with Omar Naman under the supervision of Prof. Raouf Boutaba and Prof. Samer Al-Kiswany. Omar helped with surveying related work and writing the related work chapter.

show abstract

Cyber Threat Intelligence Sharing through National and Sector-Oriented Communities

Cited by 5 publications

References 1 publication

Computer Security Incident Response Team Effectiveness: A Needs Assessment

Computer Security Incident Response Team Effectiveness: A Needs Assessment

Practical Cyber Threat Intelligence in the UK Energy Sector

Soteria: An Approach for Detecting Multi-Institution Attacks

Contact Info

Product

Resources

About