e & i Elektrotechnik und Informationstechnik, Volume 132, Issue 2, pp 106–112

Cyber security information exchange to gain insight into the effects of cyber threats and incidents

  • Frank Fransen
  • Andre Smulders
  • Richard Kerkdijk
Original papers

Abstract

Over the last couple of years we have seen an increase in interest and initiatives in establishing threat intelligence sharing communities, and in the development of standards and platforms for automated cyber security information sharing. These initiatives are focused on helping organisations to increase their resilience to new attacks and threats.

In this paper we investigate how cyber security information sharing infrastructures can be leveraged to gain early insight into the large-scale effects of cyber threats and incidents. In particular, we focus on those that might have a disruptive effect on society. Furthermore, we discuss what information needs to be shared and how this can be done using the dominant threat intelligence sharing standards.

Keywords

cyber security information sharing, threat intelligence, STIX—Structured Threat Information eXpression

Cyber security information exchange for the detection of cyber threats and incidents

Summary

In the last few years we have seen an increase in interest in, as well as the establishment of initiatives for, the exchange of information about cyber threats between organisations, and for the development of standards and platforms for the automated exchange of cyber security information. These initiatives aim to support organisations in increasing their resilience against new attacks and threats.

In this contribution the authors discuss how an infrastructure for cyber security information exchange helps to gain early insight into the large-scale effects of cyber threats and incidents. In particular, the focus is on those threat scenarios that have a lasting negative effect on society. In addition, this contribution discusses what information must be exchanged and how this can be done using the existing standards in this area.

Keywords

cyber security information exchange, information about cyber threats, STIX—Structured Threat Information eXpression

Copyright information

© Springer Verlag Wien 2015

Authors and Affiliations

  • Frank Fransen (1)
  • Andre Smulders (2)
  • Richard Kerkdijk (1)

  1. TNO, Groningen, The Netherlands
  2. TNO, Delft, The Netherlands
