Threat intelligence is a surprisingly complex topic that goes far beyond the obvious technical challenges of collecting, modelling and sharing technical indicators. Most books in this area focus mainly on technical measures to harden a system based on threat intel data and limit their scope to single organizations only. This book provides a unique angle on the topic of national cyber threat intelligence and security information sharing. It also provides a clear view on ongoing works in research laboratories world-wide in order to address current security concerns at national level. It allows practitioners to learn about upcoming trends, researchers to share current results, and decision makers to prepare for future developments.
Table of Contents
1. Introduction, Florian Skopik
2. A Systematic Study and Comparison of Attack Scenarios and Involved Threat Actors, Timea Pahi and Florian Skopik
3. From Monitoring, Logging, and Network Analysis to Threat Intelligence Extraction, Ivo Friedbert, Markus Werzenberger, Abdullah Al Balushi, and Boojong Kang
4. The Importance of Information Sharing and Its Numerous Dimensions to Circumvent Incidents and Mitigate Cyber Threats, Florian Skopik, Guiseppe Settanni, and Roman Fiedler
5. Cyber Threat Intelligence Sharing through National and Sector-Oriented Communities, Frank Fransen and Richard Kerkdijk
6. Situational Awareness for Strategic Decision Making on a National Level, Maria Leitner, Timea Pahi, and Florian Skopik
7. Legal Implications of Information Sharing, Jessica Schroers and Damian Clifford
8. Implementation Issues and Obstacles from a Legal Perspective, Erich Schweighofer, Vinzenz Heussler, and Walter Hotzendorfer
9. Real-World Implementation of an Information Sharing Network: Lessons Learned from the Large-Scale European Research Project ECOSSIAN, Giuseppe Settanni and Timea Pahi
Florian Skopik currently works in the ICT Security Research Team at the Austrian Institute of Technology (AIT) as Senior Scientist, where he is responsible for national and international research projects (in course of the EU FP7). The main topics of these projects are centered around smart grid security, security of critical infrastructures, and national cyber security and defense. Due to this research focus, the ICT Security Research Team works in close collaboration with national authorities, such as the Minstry of the Interior and the Ministry of Defense. Before joining AIT, Florian was with the Distributed Systems Group at the Vienna University of Technology as a research assistant and post-doctoral research scientist from 2007 to 2011, where he was involved in a number of international research projects dealing with cross-organizational collaboration over the Web. In context of these projects, he also finished his PhD studies. Florian further spent a sabbatical at IBM Research India in Bangalore for several months. He published around 75 scientific conference papers and journal articles, and is member of various conference program committees and editorial boards. In parallel to his studies, he was working in the industry as firmware developer for microcontroller systems for more than 10 years. Florian is IEEE Senior Member and Member of the Association for Computing Machinery (ACM).