Intelligence sharing is the exchange of classified intelligence between organizations within the same administration or country. More specifically, it is the capacity to communicate information, material, technology, or expertise as necessary between Federal, state, municipal, or private-sector agencies. Interagency agreements, as well as international institutions, are used to share intelligence. The goal of intelligence sharing is to make reliable information available to a broader group of decision-makers. One subtopic of this concept worth researching is threat intelligence sharing, a crucial defensive measure against the growing number of security dangers to which corporations and organizations are vulnerable.
Recent research on sharing threat intelligence concerns cyber technologies. Wagner et al. (2019), in the article “Cyber threat intelligence sharing: Survey and research directions”, investigate and address several points of focus within the broader subject of sharing cyber threat intelligence. This work covers a substantial number of publications from the scientific literature and concentrates on technological and non-technical issues. Wagner et al. (2019) concluded that “CTI sharing is establishing itself to become a powerful weapon to defend against adversaries” (p. 11). Yet, although the article has incorporated multiple sources, it has not addressed any practical questions about CTI, such as its actionability.
Next, research has addressed threat intelligence sharing platforms (TISPs). Namely, Bauer et al. (2020) provided an approach for evaluating and comparing pertinent data on TISPs. They illustrated the utility of their assessment approach by evaluating functional organizations: MISP, OTX, and ThreatQ. Moreover, they discussed the similarities and differences between these networks. The evaluation criteria discovered by Bauer et al. (2020) could be seen as those that suggest the actionability of a platform and could be used for other assessments. Thus, the study provided a valuable framework for evaluating threat intelligence sharing platforms.
Finally, the literature on threat intelligence sharing includes information about the use of blockchain as a supporting technology. Specifically, to solve open security challenges, Wu et al. (2019) proposed TITAN, an innovative trust augmentation architecture for distributive sharing focused on utilizing P2P recommender systems. Moreover, they explained the platform’s primary characteristics and described its functioning, including its applicability to a specific example. Hence, the revolutionary idea of Wu et al. (2019) is present in the paper but has not been studied thoroughly yet. Thus, there is a possibility for further research on the topic of threat intelligence sharing via blockchain.
The studies mentioned above are valuable for investigating the technologies involved in threat intelligence sharing. Moreover, there is a topic that can be studied further based on the findings provided by these articles. Namely, the blockchain platform for threat intelligence sharing has not been thoroughly evaluated with respect to its actionability. An example of such a blockchain platform is TITAN, which Wu et al. (2019) described in their work, although other alternatives could also be considered. Furthermore, the literature survey of Wagner et al. (2019) could be utilized for theoretical background, while Bauer et al. (2020) demonstrated an appropriate framework for evaluation. The topic needs to be researched because the number of cyber assaults and threats is increasing all the time, and thoughtful countermeasures are needed. The study would benefit the governments of multiple countries, as well as their administrative subdivisions and some business corporations.
References
Bauer, S., Fischer, D., Sauerwein, C., Stelzer, D., Breu, R., & Latzel, S. (2020). Towards an evaluation framework for threat intelligence sharing platforms. Cybersecurity and Privacy in Government.
Wagner, T. D., Mahbub, K., Palomar, E., & Abdallah, A. E. (2019). Cyber threat intelligence sharing: Survey and research directions. Computers & Security, 87, 101589.
Wu, Y., Qiao, Y., Ye, Y., & Lee, B. (2019). Towards improved trust in threat intelligence sharing using blockchain and trusted computing. 2019 Sixth International Conference on Internet of Things: Systems, Management and Security.