The purpose of the CYBEX-P project is to provide valuable insights to organizations that contribute meaningful cybersecurity data. Without organizations' contributions, the service loses value. Without the service, organizations lose access to powerful aggregated threat analysis that is impossible to achieve on internal data alone.
In response to the increasing number of attacks on cyberspace, public and private organizations are encouraged to share their cyber-threat information and data with each other. Although there are long-term interests in sharing security-related information, doing so places organizations at risk regarding the protection of their data and exposure of other vulnerabilities. This project designs, develops and implements a CYBersecurity information EXchange with Privacy (CYBEX-P) platform using trusted computing paradigms and privacy-preserving information sharing mechanisms for cybersecurity enhancement and development of a robust cyberinfrastructure. The outcome of this project has a broader impact on the development of a novel cybersecurity information-sharing platform with privacy preservation and a robust governance structure. The project also has a direct impact on undergraduate and graduate student education and training, emphasizing the engineering development of minorities and women, by providing a real-world platform for investigation and management of cyber threats.
Envisioning that effective and privacy-preserving threat intelligence sharing can be instrumental for auditing the state of the threat landscape and helping to predict and prevent major cyber-attacks, this project provides a service for structured information exchange. The CYBEX-P platform provides valuable measurable information about the security status of systems and devices together with data about incidents stemming from cyber-attacks. To develop and implement such an environment across statewide organizations, then across the nation, this research project incorporates blind processing, privacy preservation and integrity of shared incident data by ensuring that only trusted processes access the raw data and only anonymized data are shared with other operators. Blind processing enables the advantages of additional information exchange while respecting organizational constraints and trust boundaries. This research also establishes a flexible governance framework that includes both policies and procedures to protect the data and provide all customers with the tools to demonstrate they are complying with both regulatory and internal data governance requirements. Specifically, the outcomes of the project demonstrate: i) CYBEX-P infrastructure development with affordable scalability, secure data exchange, and analytic components, ii) privacy-preserving information sharing via blind processing and anonymization, and iii) a CYBEX-P governance framework.