“In the public interest”: The privacy implications of international business-to-business sharing of cyber-threat intelligence
TL;DR: The analysis shows that the sharing of cyber threat intelligence is in the public interest so as to override the rights of a data subject, as long as it is carried out in ways that are strictly necessary in order to achieve security objectives.
About: This article is published in Computer Law & Security Review.The article was published on 2017-02-01 and is currently open access. It has received 15 citations till now. The article focuses on the topics: General Data Protection Regulation & Data Protection Directive.
Citations
More filters
TL;DR: This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence.
113 citations
TL;DR: Investigating the landscape of the available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence suggests that many of the standards have a poor level of adoption and implementation.
Abstract: The sharing of cyber-threat intelligence is an essential part of multi-layered tools used to protect systems and organisations from various threats. Structured standards, such as STIX, TAXII and CybOX, were introduced to provide a common means of sharing cyber-threat intelligence and have been subsequently much-heralded as the de facto industry standards. In this paper, we investigate the landscape of the available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence. We also analyse at a sample of cyber-threat intelligence feeds, the type of data they provide and the issues found in aggregating and sharing the data. Moreover, the type of data supported by various formats and languages is correlated with the data needs for several use cases related to typical security operations. The main conclusions drawn by our analysis suggest that many of the standards have a poor level of adoption and implementation, with providers opting for custom or traditional simple formats.
35 citations
Cites background from "“In the public interest”: The priva..."
...These include the legal and privacy implications in sharing CTI across borders and jurisdictions (also the focus in [24] and [25]), which have recently received great attention due to the general data protection regulation (GDPR), the requirement of a critical mass for CTI sharing sources that characterises its effectiveness, along with the belief that the main impediment to security data sharing is the lack of a suitable platform that addresses the issues of formats and legal boundaries for CTI data....
[...]
24 Jun 2019
TL;DR: The model provides a more effective and efficient framework for a CTI sharing network that has the potential to overcome the trust barriers and data privacy issues inherent in this domain.
Abstract: The aim of this research is to propose a new blockchain network model that facilitates the secure dissemination of Cyber Threat Intelligence (CTI) data. The primary motivations for this study are based around the recent changes to information security legislation in the European Union and the challenges that Computer Security and Incident Response Teams (CSIRT) face when trying to share actionable and highly sensitive data within systems where participants do not always share the same interests or motivations. We discuss the common problems within the domain of CTI sharing and we propose a new model, that leverages the security properties of blockchain. Our model provides a more effective and efficient framework for a CTI sharing network that has the potential to overcome the trust barriers and data privacy issues inherent in this domain. We implemented a testbed using Hyperledger Fabric and the STIX 2.0 protocol and validated the efficacy of the segmentation, implemented using smart contracts and Fabric channels.
29 citations
Cites background from "“In the public interest”: The priva..."
...the literature are trust and privacy [12], [16], [17], [19]....
[...]
...Trust remains a very human element in an exchange of information in a CTI sharing context; however, there have been proposals to automate the trust element with computation [19], [8]....
[...]
...However, not every CSIRT will use the same SIEM system, therefore different CSIRTs will have access to different external threat intelligence data, creating silos of information and information that is only available to the users of that particular system [19]....
[...]
TL;DR: This paper synthesizes relevant articles and policy documents on cybersecurity risk, focusing on the dimensions detrimental to the banking system’s vulnerability, and proposes five new research avenues for consideration that may enhance knowledge of cybersecurity risk and help practitioners develop a better cyber risk management framework.
Abstract: In this paper, we provide a systematic review of the growing body of literature exploring the issues related to pervasive effects of cybersecurity risk on the financial system. As the cybersecurity risk has appeared as a significant threat to the financial sector, researchers and analysts are trying to understand this problem from different perspectives. There are plenty of documents providing conceptual discussions, technical analysis, and survey results, but empirical studies based on real data are yet limited. Besides, the international and national regulatory bodies suggest guidelines to help banks and financial institutions managing cyber risk exposure. In this paper, we synthesize relevant articles and policy documents on cybersecurity risk, focusing on the dimensions detrimental to the banking system’s vulnerability. Finally, we propose five new research avenues for consideration that may enhance our knowledge of cybersecurity risk and help practitioners develop a better cyber risk management framework.
20 citations
TL;DR: The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures.
Abstract: In recent years, the use of information technologies in Critical Infrastructures is gradually increasing. Although this brings benefits, it also increases the possibility of security attacks. Despite the availability of various advanced incident handling techniques and tools, there is still no easy, structured, standardized and trusted way to manage and forecast interrelated cybersecurity incidents. This paper introduces CyberSANE, a novel dynamic and collaborative, warning and response system, which supports security officers and operators to recognize, identify, dynamically analyse, forecast, treat and respond to security threats and risks and and it guides them to handle effectively cyber incidents. The components of CyberSANE are described along with a description of the CyberSANE data flow. The main novelty of the CyberSANE system is the fact that it enables the combination of active incident handling approaches with reactive approaches to support incidents of compound, highly dependent Critical Information Infrastructures. The benefits and added value of using CyberSANE is described with the aid of a set of cyber-attack scenarios.
14 citations