Cybersecurity Peer-to-Peer Knowledge/Lessons Learned Tool

The increasing number of breaches and hacks against organizations demands new and more effective ways to provide defense. Currently, most defense activities, such as monitoring, analysis, forensics, and remediation are done within house. This is unfortunate because the external knowledge and experience of others outside the organization cannot easily be leveraged. Our proposal focuses on the design of a peer-to-peer cyber knowledge sharing/collaboration tool, where trusted parties (across organizations) can exchange valuable cyber knowledge, without increasing their risk (e.g., exposing their weaknesses). Our work in Phase I will focus on leveraging existing representations of cyber knowledge, combined with a novel approach to trusted, peer-to-peer sharing, so collective awareness and tactics are improved. The method of establishing trust without compromising privacy will be a key theme in Phase I. Our work will also include the the design an open source, extensible sharing/collaboration tool, and we will investigate deployment strategies that encourage use by participants, to help break the ice that normally exists between external parties. To help understand this better, we will solicit feedback from security professionals and observe current examples of cyber knowledge sharing, including relevant efforts that involve a partner company.