News on CONCORDIA Finacial Pilot
Continuing our series of posts about Cybersecurity and the exploitation of Cyber Threat Intelligence (CTI) information sharing in the Financial Sector, we want to update you on the advances of our work in CONCORDIA Financial Pilot. We identified that one of the main roadblocks of a widespread information sharing and real industrial collaboration in terms of CTI is the reluctancy of the industrial entities to share. In some cases, this reluctancy is influenced by strict regulations and the potential impact of a non-desirable data breach.
As introduced in our previous posts, CONCORDIA Financial Threat Intelligence Platform is designed as a series of add-ons that work over MISP in order to reduce that reluctancy of financial institutions and foster them to share information and collaborate. That information could include CTI related to a cyberattack such as tactics, techniques and procedures (TTP), Indicators of Compromise (IoCs), IP domains or a cyberfraud (e.g. Mule bank accounts, etc.).
In that sense, we are happy to inform that we joined forces with CyberSec4Europe project, which was also considering those challenges on the widespread CTI information sharing. We integrated functionalities built on both projects in order to provide a combined solution with several options for industrial end-users, allowing them to have a fine-grained control and protection of the CTI shared data. We built it over MISP, aligned with CONCORDIA vision of a European Threat Intelligence platform that allow cross-sectorial industries and administrations cooperate, share actionable cybersecurity IoCs and help each other to be react as fast as possible against potential attacks.
Considering a financial institution that has already deployed MISP and wants to share information, the level of reluctancy for sharing the data is really high because there is a luck of trust on large communities when sharing CTI. The solution built allow those entities to split that problem into very granular groups and configure for each of those groups how they want to protect the information to be sahred. It allows to configure through the UI or policies if they want to encrypt or anonymize each of the different fields of shared IoC. Based on that, the solution was tested in a use case with 4 different scenarios including from data tagged as TLP Green (publicly available information) to very sensitive data that cannot be shared without completely anonymizing it.
It also allows to share encrypted information that will be only accessible by specific individual people or roles of a single entity or a group of financial stakeholders also with the aim at increasing the level of trust in the financial information sharing.
We expect that with this solution, CONCORDIA will help to foster and empower the CTI information sharing and especially on the collaboration of financial institutions at European level.
(By Ramon Martín de Pozuelo – CaixaBank, Jose Francisco Ruiz – ATOS)