With new and emerging technologies, cyber-attacks are becoming more sophisticated and are increasing. Information about cyber threats, also known as threat intelligence, is a significant defence component, as it contains context, indicators of compromise (IoCs), implications and advised actions regarding identified and emerging possible threats. However, the application of threat intelligence requires that good-quality data be shared by organisations and states. This aspect of information management is critical to ensure timely and effective prevention, mitigation and defence against cyberattacks.

Intelligence sharing between stakeholders is a defining feature of the cybersecurity community and one of its most important shared challenges. No stakeholder alone can sustainably identify and address all the cyber threats of the fast‑changing digital landscape. Trusted, secure and scalable cyber information sharing needs to be a foundational platform on which all participants of the digital ecosystem can rely (including the Internet Registries which are undoubtedly a critical asset).

 

By exchanging threat intelligence within a sharing community, Internet registries can leverage on collective knowledge, experience, and capability of the community to gain a more complete understanding of the threats. Threat intelligence sharing is therefore a critical tool for the security community. It takes the know-how of one single organisation and shares it across the industry to strengthen the security practices of all. Furthermore, organisations are better able to anticipate attackers’ strategies, identify malicious activity, and block attacks with detailed and contextualized threat intelligence.

There are two aspects of it. One is to share and secondly how do you receive cyber threat information from different sources. For sharing, there are established guidelines written by the European Union Agency for Cybersecurity (ENISA), United States’ National Institute of Standards and Technology (NIST), Cybersecurity and Infrastructure Security Agency (CISA- America’s Cyber Defense Agency) and many more security agencies that describe clearly the ways the cyber threat information is shared and handled. All these guidelines are available online.
 
The other component is from where to get the information. To get information, there are various platforms which are set up and are functional. Some of the examples are MISP, OpenCTI, VirusTotal, McAfee and many others. The Computer Emergency Response Team of Mauritius (CERT-MU) has also set up its own cyber threat information sharing platform which is known as MAUSHILED (based on MISP). MAUSHILED enables enterprises to defend themselves, enhance resilience and conduct collaborative investigations to detect and deter threat actors. The platform’s access is available to researchers and to the public and private organisations.

The key message here is that the Internet registries who have their own platforms could start sharing their information with their peers or in case if they do not have the platform then they can join others for sharing and posting information. This will certainly help them to attain better security and resilience of their infrastructure.