Protection of personal data in security alert sharing platforms

In order to ensure confidentiality, integrity and availability (so called CIA triad) of data within network infrastructure, it is necessary to be able to detect and handle cyber security incidents. For this purpose, it is vital for Computer Security Incident Response Teams (CSIRT) to have enough data on relevant security events and threats. That is why CSIRTs share security alerts and incidents data using various sharing platforms. Even though they do so primarily to protect data and privacy of users, their use also lead to additional processing of personal data, which may cause new privacy risks. European data protection law, especially with the adoption of the new General data protection regulation, sets out very strict rules on processing of personal data which on one hand leads to greater protection of individual's rights, but on the other creates great obstacles for those who need to share any personal data. This paper analyses the General Data Protection Regulation (GDPR), relevant case-law and analyses by the Article 29 Working Party to propose optimal methods and level of personal data processing necessary for effective use of security alert sharing platforms, which would be legally compliant and lead to appropriate balance between risks.

[1]  Andreas Peter,et al.  Private Sharing of IOCs and Sightings , 2016, WISCS@CCS.

[2]  Martin Husák,et al.  Honeypots and honeynets: issues of privacy , 2017, EURASIP J. Inf. Secur..

[3]  Eric Goldstein,et al.  Metrics for Measuring the Efficacy of Critical-Infrastructure-Centric Cybersecurity Information Sharing Efforts , 2012 .

[4]  Harald Baier,et al.  How to exchange security events? Overview and evaluation of formats and protocols , 2015, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[6]  Wanying Zhao,et al.  A collaborative information sharing framework for Community Cyber Security , 2012, 2012 IEEE Conference on Technologies for Homeland Security (HST).

[7]  EMMANOUIL VASILOMANOLAKIS,et al.  Taxonomy and Survey of Collaborative Intrusion Detection , 2015, ACM Comput. Surv..

[8]  Yang Liu,et al.  Collaborative Security , 2015, ACM Comput. Surv..

[9]  A. Cormack Incident Response: Protecting Individual Rights Under the General Data Protection Regulation , 2016 .

[10]  Raouf Boutaba,et al.  Intrusion Detection Networks - A Key to Collaborative Security , 2013 .

[11]  Roman Danyliw The Incident Object Description Exchange Format Version 2 , 2016, RFC.

[12]  Aiko Pras,et al.  Flow Monitoring Explained: From Packet Capture to Data Analysis With NetFlow and IPFIX , 2014, IEEE Communications Surveys & Tutorials.

[13]  Hervé Debar,et al.  The Intrusion Detection Message Exchange Format (IDMEF) , 2007, RFC.

[14]  Christopher Krügel,et al.  Comprehensive approach to intrusion detection alert correlation , 2004, IEEE Transactions on Dependable and Secure Computing.

[15]  Graham Greenleaf,et al.  Global Data Privacy Laws: 89 Countries, and Accelerating , 2012 .

[16]  Sarah Brown,et al.  On the Design of a Cyber Security Data Sharing System , 2014, WISCS '14.

[17]  Cynthia Wagner,et al.  MISP: The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform , 2016, WISCS@CCS.