Comparing Cybersecurity Information Exchange Models and Standards for the Common Secure Information Management Framework

Part of the Studies in Big Data book series (SBD, volume 84)

Abstract

Cyber threats have increased in spite of formal economic integration in the world. Decision-makers and authorities need to respond to the growing challenge of cyber threats by increasing cooperation. Information is one of the main means when the objective is to prevent hybrid threats at EU level and between Western countries. The main purpose of the study is to identify the separating and combining factors among existing cyber information sharing models and information management frameworks in Western countries. A further aim is to identify the crucial factors that affect the utilization of a common Early Warning System for the ECHO stakeholders. The main findings are that unclear allocation of responsibilities in national government departments prevents authorities from fighting together against cyber and physical threats. Responsibility for developing cybersecurity has been shared among too many developers. Operational work on cyber threat prevention between European public safety authorities should be more standardized, with a more centralized information management system. When the purpose is to protect the critical infrastructure of society, public safety organizations in European Union member states need proactive features and continuous risk management in their information systems. The sharing of responsibilities for the standardization of information management systems and cyber emergency procedures between authorities and international organizations is unclear.

Keywords

  • Information sharing
  • Early warning
  • Standards
  • ECHO project

Chapter DOI: 10.1007/978-3-030-65722-2_9
Chapter length: 23 pages
Book ISBN: 978-3-030-65722-2

Corresponding author: Jussi Simola.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this chapter

Simola, J. (2021). Comparing Cybersecurity Information Exchange Models and Standards for the Common Secure Information Management Framework. In: Tagarev, T., Atanassov, K.T., Kharchenko, V., Kacprzyk, J. (eds) Digital Transformation, Cyber Security and Resilience of Modern Societies. Studies in Big Data, vol 84. Springer, Cham. https://doi.org/10.1007/978-3-030-65722-2_9