CitySCAPE and the importance of CTI sharing within CERTs/CSIRTs community

 

Cyber criminals are exploiting more and more vulnerabilities as the attack surface rapidly expands. To respond efficiently to this phenomenon, the CERT/CSIRT community needs to share its knowledge. By sharing CTI, teams can increase both individual and collective resilience, as well as their capacity to respond proactively to new potential threats.

Therefore, one key component of the CitySCAPE project is CTI sharing. This goes both ways: from the CitySCAPE platform to CERTs/CSIRTs, and from CERTs/CSIRTs to CitySCAPE. CTI exchange is especially important in the following areas:

  • Early detection and proactive network protection

New indicators of compromise (IOCs) can be discovered by sharing information between different services (Security Operations Center, Incident Response, Threat Intelligence) and correlating it. (CitySCAPE Amendment, p. 26)

  • Incident analysis

Security Operations Center, Incident Response and Threat Intelligence teams can collaboratively investigate artefacts coming from incident responses or from security information and event management (SIEM) tools. This way, both detection and response time will increase. (CitySCAPE Amendment, p. 26)

  • Alerting and reporting

The overall CTI sharing process will generate alerts and reports for the CitySCAPE security management team and CERTs/CSIRTs. (CitySCAPE Amendment, p. 16)

  • Cyber Security Awareness

All CitySCAPE-related activities and outcomes shall be disseminated to the CSIRTs network through DNSC, which is responsible for awareness raising within the CERTs/CSIRTs community. Thus, new attack trends can be identified and timely security recommendations can be sent to the stakeholders. (CitySCAPE Amendment, p. 34)

The Romanian National Cyber Security Directorate (DNSC) ensures the cyber security of the national civilian cyberspace, in collaboration with the competent institutions and authorities. DNSC is the competent authority at the national level for the national civilian cyberspace, including the management of risks and cyber incidents. Its functions and responsibilities include: strategy and planning; cooperation and collaboration; analysis and forecasting; national CSIRT; identification, evaluation, monitoring and mitigation of cyber risks; alerting, prevention, awareness and training; and national competent authority for regulation, supervision and control.

The 10th edition of the European Cybersecurity Month (ECSM), an event that promotes online security among European users, has recently ended. The Romanian National Cyber Security Directorate (DNSC) has been part of ECSM since its pilot project in 2012 and has acted as a national coordinator and member of the organising team at EU level.

“In recent years, attacks on European users have become increasingly frequent and complex. Unfortunately, cybercriminals often manage to compromise, with minimal investment, computer systems, websites or devices. Cybersecurity is a shared responsibility, so it is necessary that each of us regularly update our daily security routine and hygiene to keep up with these threats. The European Cyber Security Month offers a series of extremely useful tools for the common user, through which he can attain vital security reflexes when active in the online environment,” said Dan Cîmpean, the DNSC Director. (https://www.dnsc.ro/citeste/comunicat-presa-ecsm-2022)

On 27-28 October, DNSC organised “The Bucharest Cybersecurity Conference”, a major event for national and international actors involved in the cybersecurity field. The CitySCAPE project was presented in a dedicated projects panel session.