Abstract
In the event of a cyber attack, the efficient production and utilisation of situational information is achieved by sharing information with other actors. In our research, we have discovered how information related to cyber security can be shared online as efficiently as possible between organisations. We used the constructive method to implement a cyber security information sharing network using the Malware Information Sharing Project (MISP). The model was tested in a pilot exercise in fall 2021. The key findings from the pilot showed that, for the recipient of security information, it is particularly important how quickly and accurately the information security event is described. To support quick reaction, it would also be necessary to implement informal channels through which security information can be shared easily without structured event descriptions.
Acknowledgements
This research was partially funded by the Regional Council of Central Finland/Council of Tampere Region and European Regional Development Fund as part of the Health Care Cyber Range (HCCR) project of JAMK University of Applied Sciences Institute of Information Technology (grant number A74537) and by the Resilience of Modern Value Chains in a Sustainable Energy System project, co-funded by the European Union and the Regional Council of Central Finland (grant number J10052). The authors would like to thank Ms. Tuula Kotikoski for proofreading the manuscript and Mr. Henri Tervakoski for installing all the MISP instances and configurations which were used in the exercise.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Hautamäki, J., Kokkonen, T., Sipola, T. (2024). Cyber Security Information Sharing During a Large Scale Real Life Cyber Security Exercise. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Poniszewska-Marańda, A. (eds) Good Practices and New Perspectives in Information Systems and Technologies. WorldCIST 2024. Lecture Notes in Networks and Systems, vol 987. Springer, Cham. https://doi.org/10.1007/978-3-031-60221-4_5
DOI: https://doi.org/10.1007/978-3-031-60221-4_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-60220-7
Online ISBN: 978-3-031-60221-4
eBook Packages: Intelligent Technologies and Robotics (R0)