Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem

Threat intelligence helps businesses and organisations make the right decisions in their fight against cyber threats, and strategically design their digital defences for an optimised and up-to-date security situation. Combined with advanced security analysis, threat intelligence helps reduce the time between the detection of an attack and its containment. This is achieved by continuously providing information, accompanied by data, on existing and emerging cyber threats and vulnerabilities affecting corporate networks. This paper addresses challenges that organisations are bound to face when they decide to invest in effective and interoperable cybersecurity information sharing and categorises them in a layered model. Based on this, it provides an evaluation of existing sources that share cybersecurity information. The aim of this research is to help organisations improve their cyber threat information exchange capabilities, to enhance their security posture and be more prepared against emerging threats

Maritime Cyber Security Incident Data Reporting for Autonomous Ships

The main research objective of this thesis was to find a suitable data model to be used for incident reporting purposes in the use case of autonomous shipping. To reach this objective, some research into the maritime industry, autonomous shipping, and incident management and reporting was needed. Research into these topics was conducted via a literature review. After these topics were investigated, some current incident data modeling and sharing methods were researched. Out of these IODEF seemed like the most suitable one for our use case, so it was chosen for further inspection. The IODEF specification was looked into more closely and a conclusion was ultimately made that the IODEF data model is suitable for reporting incident data from autonomous ships to the shore control center. However, the model was still missing some key information needed for this use case, so an extension for the data model was designed. The data model and extension were then put to test via different use scenarios to test applicability for the needs of autonomous shipping. From these use scenarios it was inferred that the model is applicable for the many different incident data reporting needs of autonomous shipping. Further analysis and testing was then conducted, including a transport test over cellular and satellite connections. The test and analysis further validated the use of the data model. All in all, the research was a success and a good data model was found for reporting incidents from autonomous ships. The work with the data model will continue further outside this thesis