U.S. Cyber Threat Intelligence Sharing Frameworks

摘要

Malicious actors in cyberspace are gaining increasingly sophisticated tools, techniques, and procedures that are outpacing security solutions. Organized criminals and state-sponsored groups now have ample resources to disrupt or breach conventional defenses. Underground hacker markets provide them with ready access to a plethora of products and services.~1 Attackers often rent large botnets or use similar attack tool kits. For instance, the intelligence firm Crowdstrike recently found twelve malicious groups in China using the same exploit codes within 24 to 72 hours of each other.~2 In many cases, malicious attempts to obtain valuable, sensitive data are not isolated, but part of multi-year campaigns. For their victims, the costs of a successful attack can add up in professional services, lost opportunities, and downtime, plus reputation damage, to almost a million dollars.~3 Targeted organizations need a holistic view of the threat landscape and a proactive security posture to defend against the multitude of threats. Knowing the who, what, where, how, and when of a malicious activity is the only way to decrease its chance of success. Cyber threat intelligence provides knowledge of a malicious actor's capabilities, infrastructure, motives, goals, and resources in cyberspace. The use of this intelligence enables an organization to prioritize defenses around prized assets, focusing on vulnerabilities and ways that an adversary activity can be mitigated.