Cyber defence information sharing in a federated network
Authors: H. Kantola, M. Jaitner
Published in: 2016 International Conference on Cyber Conflict (CyCon U.S.)
Publication date: 2016-10-01
DOI: https://doi.org/10.1109/CYCONUS.2016.7836620
Citation count: 0
Abstract
Military networks today rely on federated systems with coalition or cooperation partners. Examples of this kind of military network are the NATO-led ‘Federated Mission Networking’ (FMN) project and the US-led ‘Mission Partner Enterprise’ (MPE). The FMN and MPE frameworks are very similar, and their development goes hand in hand. The development and understanding of cyber defense mechanisms need to take into account the extra challenge that is brought by federating networks. In the attempt to counter the threat, federated networks should form groups of interest, in which not only technical information is shared for an increased ability to counter intrusions, but also analyzed tactical and operational information and, to a certain extent, intrusion method information. Not all militaries or nations are willing to share information on ‘how’ they protect their own networks, but as this paper shows, there is a need to share information on current events as well as events that have transpired. The aim of this paper is to present what the different participants in a federated or mission network should share and to elaborate on why this information needs to be shared. The key finding is a set of information categories that should be shared in a federated network. The paper first presents a generic overview of Responsive Cyber Defense, also known as Defensive Cyber Operations - Responsive Actions in US terminology, and introduces previous findings regarding the benefits of incident information sharing. The second part of the paper examines different generic Responsive Cyber Defense situations in order to exemplify the new need for information sharing in a federated context. The paper concludes with recommendations and suggestions on issues to take into consideration when establishing a federated network in which Responsive Cyber Defense capabilities are incorporated.