SPARTA Data Sharing Infrastructure

24th Jun 2021

Data sharing is one of the key aspects of building a comprehensive cybersecurity concept within the T-SHARK programme. Shared cyber incident-related data, extracted using different technological tools; structured contextual information from different sources makes it possible to connect separate events, better understand targets and build situation awareness in the whole ecosystem. 

The specially developed SPARTA Data Sharing infrastructure consists of the integration of two main existing sharing platforms: the “MISP Threat Sharing’’ systems and the “C3ISP Collaborative and Confidential Information Sharing and Analysis for Cyber Protection’’ system. The main frontend of the SPARTA Data Sharing Infrastructure will be represented by the MISP data-sharing platform because the MISP graphical user interface offers a wide number of functionalities to help users in their searches and analysis and, at the same time, it is very easy and intuitive to be used. Secondly, the data format used to represent events of interest in MISP allows users to efficiently represent even complex events, which include several objects and also attributes. Some data that needs to be stored in the SPARTA data-sharing infrastructure could be critical, sensitive, or require more advanced protection. To meet such advanced security requirements, these data will be stored on the C3ISP data-sharing platform, which provides advanced data protection support. The MISP platform, however, stores a sanitized version of such critical data, where the fields to be protected have been removed or anonymized, while the C3ISP platform stores the corresponding original data, protecting it by enforcing a proper privacy policy.

Such integration and partial automation provide new ways of data sharing and the value of such a solution is piloted in the T-SHARK programme to be demonstrated at the final stages of the SPARTA project. 

The solution addresses one of the fundamental challenges of the EU cybersecurity ecosystem, having a diverse multi-stakeholders community (differ with mandates, functional scope, the geography of operations, size, area of expertise) it is highly difficult to address complex international incidents in a timely, well-coordinated and efficient manner. SPARTA Cybersecurity Incidents and Investigation Data Sharing infrastructure provide one of the cornerstone components. It enables a trusted way to exchange different elements in a controlled way including:

· raw data;

· information on cybersecurity incidents;

· investigative processes outputs;

· ML and AI algorithms;

· analysis products;

· supplementary data and relationship between different entities.

Having this information shared and made available among EU MS cybersecurity actors in a controlled way enables collaborative cross-border investigations and analysis of complex and high-risk cybersecurity threats. By exploiting and developing further it can become a significant component of future European Cybersecurity Network and a Competence Centre collaborative infrastructure.