Further Collaboration. All interviewees offer further support and collaboration, through developing links, providing support of different kinds, and further participating in the co-design and workshop actions.

Current and Future Needs / Collaboration Group
• Collaboration is required primarily for exchange of threat intelligence.
• Best form is a “virtual team”, using hosted facilities.
• Key roles: platform hosting (maintain database and communication facilities, receive information to share, share information with relevant targets, provide centralised analysis); group collaboration (formation, identifying contact points, participation in sharing).
• Technical experts add data from authoritative data sources.
• Membership should be IM/RU, with links to DSP and Suppliers.

Issues around Sharing / Supporting Services
• Sharing may have to be anonymised, and trust is critical for team success.
• Organisations need to agree what triggers sharing - events and information of interest.
• Identified items are alerts (incident or attempt), bulletins (security news), awareness.
• Training and exchange of experience can be supported by ISC / ENISA.

Technical Facilities
• Database and communications for holding and sharing security information.
• Target technology is MISP since it is already in use in rail.
• MISP central instance linked to IM/RU local instances addresses requirements.
• Rule-based filters can allow selection of preferred content.
• Platform hosting should be secure and tested to ensure control of data.

Additional Issues
• Naming the initiative CSIRT is misleading, and so a new name is required.
• Sharing with the ▇▇-▇▇▇▇ should be formalised.
Sources: Deliverable D3.2, Grant Agreement