UK Government outlines new standards for sharing data on cyberthreats

Written by Sam Trendall on 3 April 2019 in News

Open Standards Board concludes process for selecting standards to be applied to the use of “cyberthreat intelligence systems”

Image credit: Pixabay

The UK Government has revealed details of its new standards for departments to share data on cyberthreats.

The Open Standards Board – an independent advisory body for the Cabinet Office – has concluded a process for selecting standards to be applied to the use of “cyberthreat intelligence systems”.

The Structured Threat Information Expression (STIX 2) standard has been selected for the creation and analysis of cyberthreat intelligence information. The Trusted Automated eXchange of Indicator Information (TAXII 2) standard will cover the transfer of data between organisations.

According to newly published guidance, the two standards will help users convert cyberthreat intelligence information “to a machine-readable format”. Their implementation will also permit increased automation, the government believes.

“This increases the capability for machine-to-machine automated information exchange. This speeds up the threat response and also makes the intelligence more readable for users,” the guidance said.

STIX 2 and TAXII 2 must now be adopted by any civil service users wishing “to analyse and share intelligence between government departments, industry and international partners”. Core users are likely to include security and cyber analysts, and security system administrators.

STIX 2 is a language and data format designed to “describe cyberthreat intelligence in a repeatable way” and thereby reduce the need for users to replicate documents in multiple formats.

To adhere to the standard, analysis information provided by users must cover at least of 12 specified “domain objects”: attack patterns; campaigns; course of action; identity; indicator; intrusion set; malware; observed data; report; threat actor; tool; and vulnerability.

Detail must also be provided on either “relationship” or “sighting” of the cyberthreat in question.

TAXII 2, meanwhile, is a communications protocol that allows users to “share timely intelligence with relevant user groups in a standardised format”. Its adoption across government is intended to reduce the need for information to be sent via email.

Users can employ a restful API to adopt the standard. They can also create a TAXII Collection – which is “an interface to a logical collection of cyber threat intelligence” – or make use of a TAXII Channel, in which “a publish-subscribe model” allows users to exchange data, according to the guidance.

“Other governments already use STIX 2 and TAXII 2,” the document added. “Security technology suppliers are also starting to use these standards. Wider use of these standards makes it easier to share analysis of threat intelligence.

“These standards provide a way to link indicators of compromise – evidence of a cyberattack – to tactics, techniques and procedures… This will allow you to: identify the source of a cyberattack; increase the view of the threats your organisation faces; [and] link previously unassociated events.”

Chaired by Government Digital Service design chief John Strudwick, The Open Standards Board is comprised of 11 experts drawn from across government, industry, and academia. It was formed by the Public Expenditure Committee (Efficiency Reform), an entity which emerged from the 2014 closure of the joint Cabinet Office-Treasury Efficiency Reform Group.



Related Articles

National Cyber Security Centre urges WhatsApp users to update their phones after a security attack
14 May 2019

The NCSC warned that “it’s important to apply these updates quickly, to make it as hard as possible for attackers to get in”

Threat of UK cyberattack as large as ever, warns National Cyber Security Centre
28 April 2019

Ciaran Martin, the chief executive of the NCSC, stated publicly that the UK suffering a category-one cyberattack is “a matter of when, not if”

Ministry of Defence pledges £66m in funding “to fast-track military robotic projects onto the battlefield”
6 March 2019

Technologies that will be supported include “mini-drones” that can provide an aerial view of a battlefield, and remote-control systems for combat vehicles

HMRC to open high-tech Edinburgh hub
17 June 2019

Plans to relocate almost 3,000 civil servants to a new office building in Edinburgh city centre have...

Related Sponsored Articles

Balancing security and digital transformation
24 October 2018

With the annual worldwide cost of cybercrime set to double from $3tn in 2015 to $6tn by 2021, BT offers advice on how chief information security officers can better...

Associate feature: 5 ways IoT is transforming the public sector
5 February 2018

Vodafone explores some of the ways IoT is significantly improving public sector service delivery

Associate feature: Who keeps your organisation secure?
19 February 2018

BT's Amy Lemberger argues that having the right security in place to protect your organisation is no longer just an option. It is a necessity.

Associate feature: The age of the multi-cloud is here
7 May 2019

BT explores how to manage the risks and rewards of the cloud in their infographic guide, offering advice for ensuring that the challenges don't hold you back 

Share this page