Published On -
Authored by: Dr. Kaleem Ahmed Usmani

Introduction

With new and emerging technologies, cyberattacks are becoming more frequent and more sophisticated. Information about cyber threats, also known as threat intelligence, is a significant component of defence, as it contains context, indicators of compromise (IoCs), implications and advised actions regarding identified and emerging threats. However, threat intelligence is only useful if organisations and states share good-quality data. This aspect of information management is critical to ensure timely and effective prevention, mitigation and defence against cyberattacks.

Why is cyber threat information sharing the key?

Intelligence sharing between stakeholders is a defining feature of the cybersecurity community and one of its most important shared challenges. No stakeholder alone can sustainably identify and address all the cyber threats of the fast‑changing digital landscape. Trusted, secure and scalable cyber information sharing needs to be a foundational platform on which all participants of the digital ecosystem can rely, including the Internet registries, which are undoubtedly a critical asset.
 
By exchanging threat intelligence within a sharing community, Internet registries can leverage the collective knowledge, experience and capability of the community to gain a more complete understanding of the threats. Threat intelligence sharing is therefore a critical tool for the security community. It takes the know-how of a single organisation and shares it across the industry to strengthen the security practices of all. Furthermore, with detailed and contextualised threat intelligence, organisations are better able to anticipate attackers’ strategies, identify malicious activity and block attacks.

What are the benefits of cyber threat information sharing?

1. Collaboration and reciprocal relationships:

Threat intelligence sharing can increase collaboration, fostering reciprocal relationships and trust.

2. Context and perspective:

Different people have different points of view. Threat intelligence sharing can bring in interesting and varied findings from people across the community and industry, each working in a different context.

3. Bias elimination:

Everyone is susceptible to bias, which can lead to overconfidence or over-optimism when making assessments. Threat intelligence sharing can help to uncover blind spots.

How can you share and receive cyber threat information?

There are two aspects to this: how to share cyber threat information, and how to receive it from different sources. For sharing, there are established guidelines written by the European Union Agency for Cybersecurity (ENISA), the United States’ National Institute of Standards and Technology (NIST), the Cybersecurity and Infrastructure Security Agency (CISA, America’s Cyber Defense Agency) and many other security agencies that describe clearly how cyber threat information is shared and handled. All these guidelines are available online.
 
The other aspect is where to get the information. Various platforms have been set up for this purpose and are operational. Some examples are MISP, OpenCTI, VirusTotal, McAfee and many others. The Computer Emergency Response Team of Mauritius (CERT-MU) has also set up its own cyber threat information sharing platform, known as MAUSHILED (based on MISP). MAUSHILED enables enterprises to defend themselves, enhance resilience and conduct collaborative investigations to detect and deter threat actors. Access to the platform is available to researchers and to public and private organisations.

Closing note

The key message here is that Internet registries that have their own platforms could start sharing their information with their peers, and those that do not have a platform can join others’ platforms to share and post information. This will certainly help them to attain better security and resilience of their infrastructure.
Sources that registries could join to receive and post cyber threat intelligence information