430 research outputs found

    PRACIS: Privacy-preserving and aggregatable cybersecurity information sharing

    Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond to future cyberthreats. Privacy preservation is critical in this context, since organizations can be reluctant to share information otherwise. This is particularly critical when CIS is facilitated through an untrusted infrastructure provided by a third party (e.g., the cloud). Despite this, current data formats and protocols for CIS do not guarantee any form of privacy preservation to participants. In this paper we introduce PRACIS, a scheme for CIS networks that guarantees private data forwarding and aggregation. PRACIS leverages the well-known Structured Threat Information Expression (STIX) standard data format. Remarkably, PRACIS can be seamlessly integrated with existing STIX-based message brokering middleware such as publish-subscribe architectures. PRACIS achieves these goals by combining standard format-preserving and homomorphic encryption primitives. We discuss experimental results obtained with a prototype implementation developed for a subset of STIX. Results show that entities may create up to 689 incidents per minute, far beyond the estimated average of 81. Moreover, aggregation of 104 incidents can be carried out in just 2.1 s, and the transmission overhead is just 13.5 kbps. Overall, these results suggest that the costs incurred by PRACIS are easily affordable in real-world scenarios. This work was partially supported by the MINECO grant TIN2013-46469-R (SPINY); the CAM grant S2013/ICE-3095 (CIBERDINE), which is co-funded by European FEDER; J. M. de Fuentes and L. Gonzalez were also supported by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid, Spain

    Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem

    Threat intelligence helps businesses and organisations make the right decisions in their fight against cyber threats, and strategically design their digital defences for an optimised and up-to-date security situation. Combined with advanced security analysis, threat intelligence helps reduce the time between the detection of an attack and its containment. This is achieved by continuously providing information, accompanied by data, on existing and emerging cyber threats and vulnerabilities affecting corporate networks. This paper addresses challenges that organisations are bound to face when they decide to invest in effective and interoperable cybersecurity information sharing and categorises them in a layered model. Based on this, it provides an evaluation of existing sources that share cybersecurity information. The aim of this research is to help organisations improve their cyber threat information exchange capabilities, to enhance their security posture and be more prepared against emerging threats

    Cybersecurity Information Sharing: Analysing an Email Corpus of Coordinated Vulnerability Disclosure

    Cybersecurity Information Sharing: Analysing an Email Corpus of Coordinated Vulnerability Disclosure. K Sridhar, A Householder, JM Spring, DW Woods. The 20th Workshop on the Economics of Information Security (WEIS 2021)

    Cyber-Vulnerabilities & Public Health Emergency Response


    Proposed US and UK Laws Will Entrench Surveillance Powers Across the Atlantic

    The article discusses and compares the proposed legislation governing the use of surveillance powers in the United Kingdom (UK), namely the Investigatory Powers Bill (now the Investigatory Powers Act 2016) and the United States (US) Cybersecurity Information Sharing Act 2015. These laws reflect the UK and US governments' attempt to clarify and consolidate the use of the surveillance methods, whilst attempting to address their citizens' significant privacy and security concerns. The piece examines the extent to which the proposed legislation has achieved these aims

    Sony, Cyber Security, and Free Speech: Preserving the First Amendment in the Modern World

    Reprinted from 16 U.C. Davis Bus. L.J. 309 (2016). This paper explores the Sony hack in 2014 allegedly launched by the North Korean government in retaliation over Sony’s production of The Interview and considers the hack’s chilling impact on speech in technology. One of the most devastating cyber attacks in history, the hack exposed approximately thirty-eight million files of sensitive data, including over 170,000 employee emails, thousands of employee social security numbers and unreleased footage of upcoming movies. The hack caused Sony to censor the film and prompted members of the entertainment industry at large to tailor their communication and conform storylines to societal standards. Such censorship cuts the First Amendment at its core and exemplifies the danger cyber terror poses to freedom of speech by compromising Americans’ privacy in digital mediums. This paper critiques the current methods for combatting cyber terror, which consist of unwieldy federal criminal laws and controversial information sharing policies, while proposing more promising solutions that unleash the competitive power of the free market with limited government regulation. It also recommends legal, affordable and user-friendly tools anyone can use to secure their technology, recapture their privacy and exercise their freedom of speech online without fear of surreptitious surveillance or retaliatory exposure

    Navigating Cyberthreat Intelligence with CYBEX-P: Dashboard Design and User Experience

    As the world’s data exponentially grows, two major problems increasingly need to be solved. The first is how to interpret large and complex datasets so that actionable insight can be achieved. The second is how to effectively protect these data and the assets they represent. This thesis’ topic lies at the intersection of these two crucial issues. The research presented in the thesis learns from past work on applying data visualization to multiple domains, with a focus on cybersecurity visualization. These learnings were then applied to a new research area: cybersecurity information sharing. The frontend considerations for CYBEX-P, a cybersecurity information sharing platform developed at UNR, are discussed in detail. A user-facing web application was developed from these requirements, resulting in an approachable, highly visual cyberthreat investigation tool. The threat-intelligence graph at the center of this dashboard-style tool allows analysts to interact with indicators of compromise and efficiently reach security conclusions. In addition to research and related software development, a user study was conducted with participants from cybersecurity backgrounds to test different visualization configurations. Subsequent analysis revealed that the misuse of simple visual properties can lead to perilous reductions in accuracy and response-time. Recommendations are provided for avoiding these pitfalls and balancing information density. The study results inform the final functionalities of the CYBEX-P front end and serve as a foundation for similar prospective tools. By improving how insights can be extracted from large cybersecurity datasets, the work presented in the thesis paves the way towards a more secure and informed future in a technology-driven world

    Emerging Technologies, Law Enforcement Responses, and National Security
