MCF-CSA: A Multi-level Collaboration Framework for Cyber Situation Awareness and Information Sharing

Abstract

Cyberspace defense has evolved to more than just a single/simple approach to keeping information and infrastructure safe from harm’s way. This new trend requires cybersecurity services to be collaboratively provisioned by integrating existing data, capabilities and strategies together, which brings severe challenges as follows: 1) Existing massive, diverse, and heterogeneous data cannot be obtained on demand. 2) Network security-related systems are of various types, complex structures, and diverse models. 3) Due to geographically isolated from each other during operation, these systems are hard to efficiently co-work together. To address these problems, in this paper we propose MCF-CSA, a multi-level collaboration framework for cyber situation awareness and information sharing model against such national broader class of cyber defense. We describe the concept and architecture of MCF-CSA, as well as the initial design of the key components, namely, data collaboration, system collaboration, and operation collaboration. MCF-CSA leverages data collaboration to achieve cybersecurity data convergence, integration and sharing on demand among key industries, enterprises and research institutions. MCF-CSA then leverages system collaboration to realize the interaction between threat recognition, event discovery, and situation awareness. Finally, MCF-CSA leverages operation collaboration to realize interaction of early warning, emergency response and disposal processes based on business needs. In addition, we present convergence, integration and sharing models of data, capabilities and strategies based on data map, threat map and strategy map.