Abstract
Cyber threats have increased in spite of formal economic integration in the world. Decision-makers and authorities need to respond to the growing challenge of cyber threats by increasing cooperation. Information is one of the main assets when the objective is to prevent hybrid threats at EU level and among western countries. The main purpose of the study is to identify the separating and combining factors in existing cyber information sharing models and information management frameworks in western countries. The aim is also to identify the crucial factors that affect the utilization of a common Early Warning System for the ECHO stakeholders. The main findings are that an unclear allocation of responsibilities in national government departments prevents authorities from fighting together against cyber and physical threats. Responsibilities for developing cybersecurity have been shared among too many developers. Operational work concerning cyber threat prevention between European public safety authorities should be more standardized, with a more centralized information management system. When the purpose is to protect the critical infrastructure of society, public safety organizations in European Union member states need proactive features and continuous risk management in their information systems. The sharing of responsibilities for standardization concerning information management systems and cyber emergency procedures between authorities and international organizations is unclear.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Simola, J. (2021). Comparing Cybersecurity Information Exchange Models and Standards for the Common Secure Information Management Framework. In: Tagarev, T., Atanassov, K.T., Kharchenko, V., Kacprzyk, J. (eds) Digital Transformation, Cyber Security and Resilience of Modern Societies. Studies in Big Data, vol 84. Springer, Cham. https://doi.org/10.1007/978-3-030-65722-2_9
DOI: https://doi.org/10.1007/978-3-030-65722-2_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65721-5
Online ISBN: 978-3-030-65722-2
eBook Packages: Intelligent Technologies and Robotics (R0)