429
Conceptual Framework
for Cyber Defense
Information Sharing
within Trust Relationships
Abstract: Information and Communication Technologies are increasingly intertwined across
the economies and societies of developed countries. Protecting these technologies from cyber-
threats requires collaborative relationships for exchanging cyber defense data and an ability to
establish trusted relationships. The fact that Communication and Information Systems (CIS)
security
1
is an international issue increases the complexity of these relationships. Cyber defense
collaboration presents specifi c challenges since most entities would like to share cyber-related
data but lack a successful model to do so.
We will explore four aspects of cyber defense collaboration to identify approaches for improving
cyber defense information sharing. First, incentives and barriers for information sharing, which
includes the type of information that may be of interest to share and the motivations that cause
social networks to be used or stagnate. Second, collaborative risk management and information
value perception. This includes risk management approaches that have built-in mechanisms
for sharing and receiving information, increasing transparency, and improving entity peering
relationships. Third, we explore procedural models for improving data exchange, with a focus
on inter-governmental collaborative challenges. Fourth, we explore automation of sharing
mechanisms for commonly shared cyber defense data (e.g., vulnerabilities, threat actors, black/
white lists).
In order to reach a common understanding of terminology in this paper, we leverage the NATO
CIS Security Capability Breakdown
[19], published in November 2011, which is designed to
Diego Fernández Vázquez,
Oscar Pastor Acosta
Defence and Security Division
ISDEFE
Madrid, Spain
{dfvazquez, opastor}@isdefe.es
Christopher Spirito
International Operations
The MITRE Corporation
Bedford, MA 01730
cspirito@mitre.org
Sarah Brown,
Emily Reid
Cyber Security Division
The MITRE Corporation
Bedford, MA 01730
{sbrown, ereid}@mitre.org
2012 4th International Conference on Cyber Confl ict
C. Czosseck, R. Ottis, K. Ziolkowski (Eds.)
2012 © NATO CCD COE Publications, Tallinn
Permission to make digital or hard copies of this publication for internal use within
NATO and for personal or educational use when for non-profi t or non-commercial
purposes is granted providing that copies bear this notice and a full citation on the
first page. Any other reproduction or transmission requires prior written permission
by NATO CCD COE.
1
The ability to adequately protect the confi dentiality, integrity, and availability of Communication and
Information Systems (CIS) and the information processed, stored or transmitted.
