Towards improved cyber security information sharing

There is a requirement for improved information sharing and automation in the cyber security domain. Current practices and supporting technologies limit the ability of organizations to take full advantage of their staff´s expertise and the trust relationships they have established with each other in their efforts to secure their communication and information systems. Limitations include the lack of interoperable standards, the absence of mechanisms to govern and control the use of sensitive information, and problems validating data quality. While centralized repositories, distribution lists and web services have been adopted in an attempt to address the requirement, the underlying needs are only partly met by these approaches, which do not deliver the required efficiency and effectiveness. Analysis of the specific constraints applicable in the cyber security domain led to definition of the Cyber Security Data Exchange and Collaboration Infrastructure (CDXI) capability. CDXI provides a knowledge management tool for the cyber security domain whose objectives are to facilitate information sharing, enable automation, and facilitate the generation, refinement and vetting of data through burden-sharing collaboration or outsourcing. The capability is defined through a set of high-level requirements that are both necessary and sufficient. This paper describes the high-level requirements and provides a brief description of the work performed to develop the CDXI concept to date as well as planned future work.