NIST drafts cyber threat info sharing guidance
When an agency identifies and successfully responds to a cyberattack, it gains knowledge that can be used by others facing the same or similar threats. Because attackers often use similar strategies, tools, and methods against multiple organizations, shared threat intelligence can reduce the impact of future attacks.
That’s the thinking behind the National Institute of Standards and Technology’s Draft Special Publication 800-150, Guide to Cyber Threat Information Sharing, designed to exploit cross-agency collective knowledge and experience by actively sharing threat intelligence and ongoing coordination.
SP 800-150 expands upon the guidance introduced in SP 800-61, Computer Security Incident Handling Guide that explores information sharing, coordination and collaboration as part of the incident response life cycle.
This draft introduces information sharing practices, examines formats and protocols that foster interoperability and provides guidance on improving information sharing programs. It also includes guidelines for coordinated incident handling, including producing and consuming data, participating in information sharing communities and protecting incident-related data.
This information-sharing ecosystem will be most effective, says NIST, if all participants have a robust and mature cybersecurity program that helps prioritize response operations, enhance detection capabilities and deploy effective courses of action. Elements of a mature system feature:
- Core cybersecurity capabilities that include a monitoring infrastructure capable of supporting basic event and incident detection, analysis and response efforts.
- Processes for creating, consuming and sharing basic threat intelligence.
- Advanced cybersecurity capabilities, including those enabling technical information exchange, a forensics team, defensive capabilities (honeypots) and advanced analytics and visualization.
In all, NIST lists 30 recommendations in its draft. Comments are due by Nov. 28.
Connect with the GCN staff on Twitter @GCNtech.