Jesus, Vitor, Bains, Balraj and Chang, Victor (2023). Sharing Is Caring: Hurdles and Prospects of Open, Crowd-Sourced Cyber Threat Intelligence. IEEE Transactions on Engineering Management.
Abstract
Cyber threat intelligence (CTI) is widely recognized as an important area in cybersecurity but it remains an area showing silos and reserved for large organizations. For an area whose strength is in open and responsive sharing, we see that the generation of feeds has a small scale, is secretive, and is nearly always from specialized businesses that have a commercial interest in not publicly sharing insights at a speed where it could be effective in raising preparedness or stopping an attack. This article has three purposes. First, we extensively review the state and challenges of open, crowd-sourced CTI, with a focus on the perceived barriers. Second, having identified that confidentiality (in multiple forms) is a key barrier, we perform a confidentiality threat analysis of existing sharing architectures and standards, including reviewing circa one million of real-world feeds between 2014 and 2022 from the popular open platform MISP toward quantifying the inherent risks. Our goal is to build the case that, either by redesigning sharing architectures or simply performing simple sanitization of shared information, the confidentiality argument is not as strong as one may have presumed. Third, after identifying key requirements for open crowd-based sharing of CTI, we propose a reference (meta-) architecture.

Managerial Relevance—CTI is widely recognized as a key advantage toward cyber resilience in its multiple dimensions, from business continuity to reputation/regulatory protection. Furthermore, as we review in this article, there are strong indications that the next generation of approaches to cybersecurity will be centered on CTI. Whereas CTI is an established business area, we see little adoption, closed communities, or high costs that small businesses cannot afford. For an area that, intuitively, should be open, as velocity and accuracy of information is crucial, we shed light on why we have no significant open, crowd-sourced CTI. In other words, why is usage so lacking? We identify reasons and deconstruct unclear and unhelpful rationales by looking at a wide range of literature (research and professional) and an analysis of nearly ten years of open CTI data. Our findings from current data indicate two types of reasons. One, and dominant, is unhelpful perceptions (e.g., confidentiality), and another stems from market factors (e.g., “free-riding”) that need collective movement as no single player may be able to break the cycle. After looking at motivations and barriers, we review existing technologies, elicit requirements, and propose a high-level open CTI sharing architecture that could be used as a reference for practitioners.
Publication DOI: | https://doi.org/10.1109/TEM.2023.3279274 |
---|---|
Divisions: | College of Business and Social Sciences > Aston Business School; College of Business and Social Sciences > Aston Business School > Operations & Information Management; College of Engineering & Physical Sciences > School of Computer Science and Digital Technologies > Software Engineering & Cybersecurity; College of Engineering & Physical Sciences > School of Computer Science and Digital Technologies |
Additional Information: | This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ |
Uncontrolled Keywords: | Confidentiality, cyber security, cybersecurity management, cyber threat intelligence (CTI) |
Publication ISSN: | 0018-9391 |
Last Modified: | 16 Dec 2024 08:54 |
Date Deposited: | 09 Jun 2023 09:24 |
Related URLs: | https://ieeexpl ... cument/10146036 (Publisher URL); http://www.scop ... tnerID=8YFLogxK (Scopus URL) |
PURE Output Type: | Article |
Published Date: | 2023-06-07 |
Published Online Date: | 2023-06-07 |
Accepted Date: | 2023-05-13 |
Authors: | Jesus, Vitor (0000-0002-5884-0446); Bains, Balraj; Chang, Victor (0000-0002-8012-5852) |