Government implements open standards for cyberthreat intelligence

Written by Sam Trendall on 3 April 2019 in News

Users must adopt TAXII 2 and STIX 2 to analyse and share data on attacks

The government has revealed details of its new standards for departments to share data on cyberthreats.

The Open Standards Board – an independent advisory body for the Cabinet Office – has concluded a process for selecting standards to be applied to the use of “cyberthreat intelligence systems”.

The Structured Threat Information Expression (STIX 2) standard has been selected for the creation and analysis of cyberthreat intelligence information. The Trusted Automated eXchange of Indicator Information (TAXII 2) standard will cover the transfer of data between organisations.

According to newly published guidance, the two standards will help users convert cyberthreat intelligence information “to a machine-readable format”. Their implementation will also permit increased automation, the government believes.

“This increases the capability for machine-to-machine automated information exchange. This speeds up the threat response and also makes the intelligence more readable for users,” the guidance said.

STIX 2 and TAXII 2 must now be adopted by any civil service users wishing “to analyse and share intelligence between government departments, industry and international partners”. Core users are likely to include security and cyber analysts, and security system administrators.

STIX 2 is a language and data format designed to “describe cyberthreat intelligence in a repeatable way” and thereby reduce the need for users to replicate documents in multiple formats. 

To adhere to the standard, analysis information provided by users must cover at least one of 12 specified “domain objects”: attack patterns; campaigns; course of action; identity; indicator; intrusion set; malware; observed data; report; threat actor; tool; and vulnerability.
Detail must also be provided on either a “relationship” or a “sighting” of the cyberthreat in question.

TAXII 2, meanwhile, is a communications protocol that allows users to “share timely intelligence with relevant user groups in a standardised format”. Its adoption across government is intended to reduce the need for information to be sent via email.

Users can employ a RESTful API to adopt the standard. They can also create a TAXII Collection – which is “an interface to a logical collection of cyber threat intelligence” – or make use of a TAXII Channel, in which “a publish-subscribe model” allows users to exchange data, according to the guidance.

“Other governments already use STIX 2 and TAXII 2,” the document added. “Security technology suppliers are also starting to use these standards. Wider use of these standards makes it easier to share analysis of threat intelligence.

“These standards provide a way to link indicators of compromise – evidence of a cyberattack – to tactics, techniques and procedures… This will allow you to: identify the source of a cyberattack; increase the view of the threats your organisation faces; [and] link previously unassociated events.”
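As an added illustration (not taken from the guidance or from any government code), the sketch below checks a STIX 2 bundle against the rule described above, at least one of the 12 domain objects plus a relationship or sighting, and then follows "indicates" relationships from an indicator of compromise to the technique it is linked to. The bundle, its IDs, names and pattern are constructed sample data, and the function names are hypothetical.

```python
# The 12 STIX 2 domain object types named in the article, as STIX type strings.
DOMAIN_TYPES = {
    "attack-pattern", "campaign", "course-of-action", "identity", "indicator",
    "intrusion-set", "malware", "observed-data", "report", "threat-actor",
    "tool", "vulnerability",
}
LINK_TYPES = {"relationship", "sighting"}

# Constructed sample bundle: every ID, name and pattern is made up, and the
# created/modified timestamps a real object carries are omitted for brevity.
IND = "indicator--11111111-1111-4111-8111-111111111111"
TTP = "attack-pattern--22222222-2222-4222-8222-222222222222"
SAMPLE = {"type": "bundle", "id": "bundle--33333333-3333-4333-8333-333333333333",
          "spec_version": "2.0", "objects": [
    {"type": "indicator", "id": IND, "labels": ["malicious-activity"],
     "pattern": "[domain-name:value = 'malicious.example']",
     "valid_from": "2019-04-03T00:00:00Z"},
    {"type": "attack-pattern", "id": TTP, "name": "Spear phishing link"},
    {"type": "relationship", "id": "relationship--44444444-4444-4444-8444-444444444444",
     "relationship_type": "indicates", "source_ref": IND, "target_ref": TTP},
]}

def check_bundle(bundle):
    """Return a list of problems; an empty list means the rule is met."""
    objs = bundle.get("objects", [])
    ids = {o.get("id") for o in objs}
    problems = []
    if not any(o.get("type") in DOMAIN_TYPES for o in objs):
        problems.append("no domain object")
    if not any(o.get("type") in LINK_TYPES for o in objs):
        problems.append("no relationship or sighting object")
    # Assumption: a shared bundle should be self-contained, so a relationship
    # whose endpoints are absent from the bundle is reported as a finding.
    for o in objs:
        if o.get("type") == "relationship":
            for ref in (o.get("source_ref"), o.get("target_ref")):
                if ref not in ids:
                    problems.append(f"unresolved reference: {ref}")
    return problems

def indicator_links(bundle):
    """List (pattern, target type, target name) for each 'indicates' link."""
    by_id = {o["id"]: o for o in bundle.get("objects", []) if "id" in o}
    links = []
    for o in by_id.values():
        if o.get("type") == "relationship" and o.get("relationship_type") == "indicates":
            src, dst = by_id.get(o.get("source_ref")), by_id.get(o.get("target_ref"))
            if src and dst and src.get("type") == "indicator":
                links.append((src.get("pattern"), dst["type"], dst.get("name")))
    return links
```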

Chaired by Government Digital Service design chief John Strudwick, the Open Standards Board comprises 11 experts drawn from across government, industry, and academia. It was formed by the Public Expenditure Committee (Efficiency Reform), an entity which emerged from the 2014 closure of the joint Cabinet Office-Treasury Efficiency Reform Group.

About the author

Sam Trendall is editor of PublicTechnology
