Conceptual framework for cyber defense information sharing within trust relationships

Information and Communication Technologies are increasingly intertwined across the economies and societies of developed countries. Protecting these technologies from cyberthreats requires collaborative relationships for exchanging cyber defense data and an ability to establish trusted relationships. The fact that Communication and Information Systems (CIS) security1 is an international issue increases the complexity of these relationships. Cyber defense collaboration presents specific challenges since most entities would like to share cyber-related data but lack a successful model to do so. We will explore four aspects of cyber defense collaboration to identify approaches for improving cyber defense information sharing. First, incentives and barriers for information sharing, which includes the type of information that may be of interest to share and the motivations that cause social networks to be used or stagnate. Second, collaborative risk management and information value perception. This includes risk management approaches that have built-in mechanisms for sharing and receiving information, increasing transparency, and improving entity peering relationships. Third, we explore procedural models for improving data exchange, with a focus on inter-governmental collaborative challenges. Fourth, we explore automation of sharing mechanisms for commonly shared cyber defense data (e.g., vulnerabilities, threat actors, black/ white lists). In order to reach a common understanding of terminology in this paper, we leverage the NATO CIS Security Capability Breakdown [19], published in November 2011, which is designed to identify and describe (CIS) security and cyber defense terminology and definitions to facilitate NATO, national, and multi-national discussion, coordination, and capability development.