Public Disclosure of Cyber Threat Information: Risks and Benefits (of an Invited Paper) Francesco

摘要

A growing number of actors perpetrate cyber attacks to various targets, be them public entities, ISPs, enterprises or citizens. Supported by governments or aiming at criminal activities, attackers dispose of channels for sharing and obtaining undisclosed vulnerabilities, attack toolkits and information. On the other hand, attack targets need to react quickly and effectively but they risk to be alone if they do not join forces with others. However timely reactions depend on the quality and timeliness of interactions among peers (e.g. CERTs, public security bodies, ISPs, service providers). There is a need for automated cyber information preparation, sharing and consumption, being fulfilled by initiatives like CybOX [4], STIX [2], Taxii [5] and MISP [1]. However, concerns exist, related to confidential details withing cyber threat information reports, their usage as well as potential data protection laws violations. These constraints render the actual collaboration quite limited in terms of scope. A number of initiatives are focussing on CTI sharing, tackling the most significant obstacles and aiming at bringing benefits to all stakeholders involved in the process. In the talk, risks and benefits will be presented, together with an overview of existing initiatives active in the field.