Jason Miller of Federal News Radio on DHS finally launching STIX and TAXII services for automated cyber information sharing:
CSIS says any cyber threat information sharing effort must build upon existing structures, limit personal information and take advantage of existing peer-to-peer relationships, while also recognizing there is a cost-benefit analysis for these processes and agreements. Nix said part of the reason STIX and TAXII are attractive is the fact both specifications don’t replace existing standards, but works within them.
As part of this effort to implement STIX and TAXII, U.S.-CERT will open access to servers running these specifications to promote cyber information sharing with its public and private sector partners.
“We want to set up an environment that is risk rated at the right level to facilitate the sharing of information, but still provides the appropriate levels of confidentiality, integrity and availability controls that would be required for an organization that actually depends on the information,” Nix said. “The idea behind the use of the cloud for the STIX/TAXII server is to enable the access to the information with the appropriate level of control so that organizations can submit information but also can retrieve information that is relevant to them. We want to protect the anonymity of information that is shared from the partners who are actually sharing the information, but also make sure that when we set up the actual information it’s getting back to the people that it needs to.”