As the number of cyber-attacks increases dramatically, defence systems lose effectiveness if they do not have access to an updated and comprehensive knowledge base. Such data can be used to determine the patterns of new incidents and train advanced models that can predict and detect them. Current efforts for sharing threat intelligence data (e.g the Malware Information Sharing Platform, MISP, or OpenCTI) work on a centralized (replicated) database, where all participating organizations have to share their threat data.
Cybersecurity information is highly sensitive and confidential. This creates tension between the benefits of improved threat-response capabilities and the drawbacks of disclosing critical information to others. This usually results in patterns where people are reluctant to share relevant information due to the free-rider problem: while some parties disclose information by sharing, others avoid sharing anything and only benefit from third parties. This considerably limits the efficacy of data sharing. Tune Insight’s software resolves this trade-off when sharing cybersecurity information. It enables the participants to collaborate using even critical and valuable cybersecurity information without having to transfer or disclose details to each other. This allows participants to extract valuable insights and build machine-learning models on larger and more relevant collective threat intelligence data and thus enables stronger defence.
Testing critical healthcare infrastructures
armasuisse Science and Technology collaboratively deploys and tests this new software solution together with Tune Insight, the University Hospital Zürich (USZ) and other critical health infrastructures. Secure collective cyber intelligence and resilience is a critical capability of today’s organizations, especially in the area of critical infrastructures. It is therefore essential to collaborate with various organizations through secure cyber threat data sharing to enhance threat-response capabilities.