Cyber Information & Intelligence Sharing Initiative (CIISI-IE)
Cyber information and intelligence is any information that can help an institution identify, assess, monitor, defend against and respond to cyber threats. Examples of cyber information and intelligence include indicators of compromise (IOCs), such as system artefacts or observables associated with an attack, motives of threat actors, tactics techniques and procedures (TTPs), security alerts, threat intelligence reports and recommended security tool configurations.
By exchanging cyber information and intelligence within a sharing community, financial entities can leverage the collective knowledge, experience, and capabilities to gain a more complete understanding of the threats they may face. Using this knowledge, members of the community can make threat-informed decisions regarding defensive capabilities, threat detection techniques and mitigation strategies. By correlating and analysing cyber information and intelligence from multiple sources, a financial entity can also enrich existing information and make it more contextual and actionable, for example, by sharing effective practical mitigations. This enrichment may be achieved by independently confirming the observations of other community members, and by improving the overall quality of the threat information.
Financial entities that receive and use this information impede the threat’s ability to spread and subsequently raise their individual level of protection. Moreover, by impeding the potential contagion of such threats, the community acts in the public interest by supporting the safe and sound operation of the financial system as a whole.
In light of the above, the Euro Cyber Resilience Board for pan-European Financial Infrastructures (ECRB) took the common position that an information and intelligence sharing initiative among volunteering ECRB members should be established and that an ECRB Cyber Information and Intelligence Sharing Initiative (CIISI-EU) should be created. The CIISI-EU framework was launched by the ECRB in February 2020 with an inaugural membership who work in close liaison with Europol and the European Union Agency for Cyber Security (ENISA) to enhance cyber information sharing and cyber awareness across Europe.
In June 2021, the Central Bank of Ireland implemented a national version of the CIISI-EU framework, CIISI-IE. This pilot initiative facilitates a peer-to-peer, trusted sharing community for the operators of essential services for the Irish financial services sector and includes the National Cyber Security Centre.
The core objectives of CIISI-IE are:
• To predict, prevent, detect, respond, mitigate and raise awareness of cybersecurity threats to members participating in CIISI-IE, thereby discharging a public interest responsibility;
• To enable relevant and actionable intelligence sharing within CIISI-IE community, and potentially to the wider ecosystem, to better protect the Irish financial institutions against cybersecurity threats;
• To encourage active contribution and active participation within a ‘trusted circle’, rather than passive consumption;
• To synthesize and actively propagate the sharing of strategic intelligence in addition to operational TTPs and tactical IOCs indicators;
• To continuously learn and evolve, as a collective, with regard to the process of analysing, developing and sharing cybersecurity intelligence.
For further information on CIISI-IE, please contact [email protected].
Find out more about CIISI-EU