Categories
IT Security Outsourced IT

Interoperability and Sharing Data

What is Interoperability?

As cyberthreats are constantly emerging, interoperability is critical for defending systems from cyberattacks. Interoperability is the ability to pass information from one application to another, allowing them to work together. With the rise of Internet of Things (IoT) devices and interconnected devices, ensuring that all cybersecurity applications can communicate and share data effectively is crucial. Examples of interoperability can range from ensuring that language and alphanumeric cues developers use across applications are consistently applied and understood, to utilizing application programming interface (API) technology to allow different applications to interact with each other. Without interoperability, security systems may not be able to detect and respond to threats quickly or efficiently, which leaves systems vulnerable to cyberattacks.

Sharing cyber threat information and intelligence (CTII) is a highly sensitive task that needs to be undertaken with the highest levels of security. Rantos et al.1 have provided guidance on recognizing and addressing interoperability concerns, so that CTII can be shared securely. The following are interoperability layers to consider when you are sharing your own sensitive data:

Legal interoperability. Legal interoperability is about ensuring that the legal frameworks under which organizations operate and provide services are aligned and do not impede the sharing of CTII or other protected data. Legal constraints may also prohibit or restrict the uncontrolled sharing of CTII, such personally identifiable information (PII). One of the main legal restrictions from the EU’s General Data Protection Regulation (GDPR) relates to any PII shared with external entities without the user’s consent. CTII sharing with external entities should not impact privacy and sharing parties must take measures to properly anonymize or pseudonymize any records of data that could otherwise be used to identify individuals.

Policies and procedures for interoperability. Organizations’ information sharing policies and procedures are formal statements that reflect the organization’s objectives and detailed instructions to achieve these objectives respectively. These are typically part of the organization’s information security policy and must be endorsed by the organization’s leadership. Among the issues that the organization has to consider at this layer when deciding to share CTII or other sensitive or protected data, are the 5 Ws and 1 H that have to be answered prior to start sharing:

  • Why to share
  • Who to share with
  • What to share
  • When to share
  • Where to use
  • How to share

Sharing of private information between parties should be driven by agreements that should consider:

  • The type of information that satisfies the organizations’ business needs.
  • The form of information exchange that is going to take place, such as emails, bulletins, documents, and automated sharing.
  • Confidentiality requirements for the exchanged information and the dissemination restrictions.
  • Parties authorized to access, process, and use the information.
  • Technical standards used for the exchange of information to satisfy syntactic and semantic interoperability.
  • Language issues for cross-border dissemination.
  • Communication protocols and access to services.

Semantic and syntactic interoperability. Semantics are introduced to convey the necessary meaning for syntactically correct messages. Although, in the sharing process, sources may disseminate unstructured information that hinder data processing (such as information found on social media or news), several standards have been introduced for properly exchanging CTII or other protected data among stakeholders. Compliance with standards facilitates the automated sharing of information as well as the ingestion, analysis, and integration.

Technical interoperability. Technical interoperability is related to the implementation of the necessary tools and APIs to support the automated exchange of information, which includes both consumption and delivery, as well as the support of the underlying communication protocols used for conveying information. It typically involves many layers of the TCP/IP stack in formulating and transferring these messages. Other technical issues that have to be considered during sharing are related to the protection of information against unauthorized disclosure or modification.

1 Rantos et al., 2020, “Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem”