Mr Luc Dandurand joined the NATO Communications and Information Agency in January 2009, where he performs R&D work in Cyber Defence and supports projects such as the NCIRC FOC. Prior to that, as a Signals Officer in the Canadian Forces (CF), he was an analyst in the Directorate of Scientific and Technical Intelligence, led the CF’s Network Vulnerability Analysis Team, and founded the CF Joint Red Team, responsible for assessing the security of CF networks by conducting controlled cyber-attacks. He then joined the Communication Security Establishment of Canada to lead a team that prototyped novel solutions in Cyber Defence.
Towards Improved Cyber Security Information Sharing
Co-author: Oscar Serrano Serrano (NCIA)
There is a requirement for improved information sharing and automation in the cyber security domain. Current practices and supporting technologies limit the ability of organizations to take full advantage of their staff’s expertise and the trust relationships they have established with each other in their efforts to secure their communication and information systems. Limitations include the lack of interoperable standards, the absence of mechanisms to govern and control the use of sensitive information, and problems validating data quality. While centralized repositories, distribution lists and web services have been adopted in an attempt to address the requirement, the underlying needs are only partly met by these approaches, which do not deliver the required efficiency and effectiveness.
Analysis of the specific constraints applicable in the cyber security domain led to the definition of the Cyber Security Data Exchange and Collaboration Infrastructure (CDXI) capability. CDXI provides a knowledge management tool for the cyber security domain whose objectives are to facilitate information sharing, enable automation, and facilitate the generation, refinement and vetting of data through burden-sharing collaboration or outsourcing. The capability is defined through a set of high-level requirements that are both necessary and sufficient. This paper describes the high-level requirements and provides a brief description of the work performed to date to develop the CDXI concept, as well as planned future work.