How a Common Language for Cyber Threats Boosts Security

By Steve Kirk May 19, 2017

Steve Kirk is the vice president of federal at Fortinet.

Cyberattacks are increasing in frequency, and government agencies are under constant attack. This nonstop assault is facilitated by the rapidly growing complexity of today’s networks. Cloud-based services, internet-of-things devices, bring-your-own-device programs and wireless connectivity have dramatically expanded the threat landscape, creating a greater number and diversity of vulnerabilities.

To combat these threats, most agencies have built their security strategy around a stack of security devices, typically from multiple vendors.

The problem is those devices often don’t talk to one another. These interoperability challenges can hamper efforts to share cyber threat information across and between networks and frustrate attempts to respond to threats in a timely manner.

Driven by the need to standardize threat intelligence communications across the business applications on the network, to implement open architectures and to automate security tasks, security requirements for federal and local governments are in a state of flux. To remain responsive, resilient and agile, government organizations must adopt open, integrated and automated security architectures.

Creating Specifications

The federal government and private sector agree on the need for a common language to enable the rapid exchange of intelligence. The first step, then, in sharing threat information is to standardize the structure and format of threat data so that it is interoperable across various networks and platforms.

Several groups have created technical specifications for this purpose. The U.S. Computer Emergency Readiness Team strongly encourages the use of the Trusted Automated eXchange of Indicator Information, or TAXII, the Structured Threat Information eXpression, or STIX, and the Cyber Observable eXpression, or CybOX. The three play distinct roles: STIX is the language for describing threat information (indicators, campaigns, threat actors, courses of action), CybOX describes the observables those indicators refer to (IP addresses, domains, file hashes, registry keys), and TAXII is the HTTPS-based transport used to publish and fetch STIX content. (As of STIX 2, the CybOX observable objects are folded into STIX itself.) TAXII, STIX and CybOX are free, community-driven technical specifications that represent cyber threat information in a standardized format. They enable automated information sharing and thus foster cybersecurity situational awareness, real-time network defense and sophisticated threat analysis.

The National Cybersecurity and Communications Integration Center (part of DHS’ Office of Cybersecurity and Communications) and US-CERT are supporting global adoption of these standards so that nations can share information in the battle against cybercrime.

Why Interoperability is Critical

Interoperability between security tools is enabled by standardizing threat intelligence formats. Using an open API architecture, products and systems from different vendors can connect, share information and work as a unified security platform. Such a platform also supports end-to-end visibility across all components of a security architecture. This advantage is a force multiplier and one reason why government acquisition requirements specify open architectures and connectivity.

An open architecture also makes it easier to enforce government standards, such as the National Institute of Standards and Technology Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations.” This publication catalogs the security and privacy controls that government agencies, and organizations working with government agencies, must put in place to secure their systems and the often extremely sensitive data they hold.

Publications like this can be long and complicated. Determining whether a particular product is consistent with the guidance they provide is often a time-consuming manual task. An open architecture gives government acquisition organizations the ability to use a centralized, automated compliance mechanism to rapidly evaluate offerings from different vendors against standards and regulations.

Enabling Automation

Orchestration and automation may be the most significant advantages governments obtain when they adopt standard threat information formats. It’s no secret there is a cybersecurity talent shortage. To manage a growing volume of increasingly sophisticated threats, it is critical to have infrastructure and security tools that enable quick, automated and synchronized responses without human intervention.

The goal of OpenC2 and similar groups is to expand the development of orchestration software and standardized command and control languages. Central to the OpenC2 movement is the idea that standardizing the language used between machines enables rapid response to shared threat intelligence: an indicator received in a standard format can be turned into a standard command to a firewall, endpoint agent or other actuator without a human translating between vendor-specific interfaces.

As the OpenC2 forum states, “Future defenses will require the sharing of indicators, the coordination of responses between domains, synchronization of cyber defense mechanisms and automated actions at machine speed against current and pending attacks.”

Another benefit of standardized command and control languages and interfaces is that they simplify integration. Staff do not need to be trained on every new technology in order to integrate it into the enterprise.
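The two halves of the picture above, a STIX indicator arriving over a TAXII feed and an OpenC2 command going out to an actuator, fit together as follows. This is an added example, not code from the article or from the STIX, TAXII or OpenC2 projects. It assumes STIX 2.1 indicator JSON (the TAXII fetch is assumed to have already happened), the OpenC2 v1.0 "deny" command shape with the SLPF (stateless packet filter) actuator profile, and a hypothetical observation dict from a local sensor; the bundle, indicator IDs and addresses are constructed for the example and are not real threat data.

```python
"""Consume a STIX 2.1 indicator bundle, match it against a local observation,
and emit an OpenC2 'deny' command for the matched target (added example)."""
import ipaddress
import json
import re

# Constructed sample bundle, shaped as it might arrive from a TAXII collection.
# The IDs and the address/domain are made up for this example.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--8f1c2f1e-2a0f-4d3c-9a7b-0f6c1e2d3a4b",
    "objects": [
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--6b1d5a3c-4e2f-4f8a-9c0d-1e2f3a4b5c6d",
            "created": "2017-05-19T12:00:00.000Z",
            "modified": "2017-05-19T12:00:00.000Z",
            "name": "Constructed C2 beacon address",
            "indicator_types": ["malicious-activity"],
            "pattern": "[ipv4-addr:value = '198.51.100.23']",
            "pattern_type": "stix",
            "valid_from": "2017-05-19T12:00:00Z",
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d",
            "created": "2017-05-19T12:00:00.000Z",
            "modified": "2017-05-19T12:00:00.000Z",
            "name": "Constructed phishing domain",
            "indicator_types": ["malicious-activity"],
            "pattern": "[domain-name:value = 'bad.example']",
            "pattern_type": "stix",
            "valid_from": "2017-05-19T12:00:00Z",
        },
    ],
})

# Only the simplest STIX pattern form is handled here: one bracketed
# equality comparison.  Patterns using AND/OR, FOLLOWEDBY or ranges need a
# real STIX pattern engine and are skipped rather than mis-parsed.
PATTERN_RE = re.compile(
    r"^\[(?P<obj>[a-z0-9-]+):(?P<prop>[a-z_]+)\s*=\s*'(?P<val>[^']*)'\]$"
)


def parse_indicators(bundle_json):
    """Return (stix_id, object_type, property, value) for each indicator in
    the bundle whose pattern is a single equality comparison."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    found = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue  # e.g. snort/yara patterns belong to other engines
        m = PATTERN_RE.match(obj["pattern"])
        if m:
            found.append((obj["id"], m["obj"], m["prop"], m["val"]))
    return found


def match_observation(indicators, observed):
    """observed is a hypothetical sensor record keyed by STIX observable type,
    e.g. {"ipv4-addr": {"value": "198.51.100.23"}}.  Returns the hits."""
    hits = []
    for stix_id, otype, prop, val in indicators:
        if otype in observed and observed[otype].get(prop) == val:
            hits.append((stix_id, otype, val))
    return hits


def openc2_deny(stix_id, otype, value):
    """Build an OpenC2 v1.0 'deny' command for a matched observable, addressed
    to the SLPF actuator profile.  Only two target mappings are shown."""
    if otype == "ipv4-addr":
        target = {"ipv4_net": f"{ipaddress.ip_address(value)}/32"}
    elif otype == "domain-name":
        target = {"domain_name": value}
    else:
        raise ValueError(f"no OpenC2 target mapping for {otype}")
    return {
        "action": "deny",
        "target": target,
        "args": {"response_requested": "complete", "duration": 3600000},
        "actuator": {"slpf": {}},
        "command_id": stix_id,  # lets the response be traced to its indicator
    }


def check_response(response):
    """OpenC2 responses carry an HTTP-style status; 2xx means the actuator
    accepted the command.  Anything else should be escalated, not ignored."""
    return 200 <= int(response.get("status", 0)) < 300


if __name__ == "__main__":
    inds = parse_indicators(SAMPLE_BUNDLE)
    for hit in match_observation(inds, {"ipv4-addr": {"value": "198.51.100.23"}}):
        print(json.dumps(openc2_deny(*hit), indent=2))
```

In practice the observation would come from a log pipeline or a network sensor, and the command would be sent to an OpenC2 consumer over its transfer protocol (HTTPS in the v1.0 transfer spec); the point of the example is that neither side needs to know which vendor built the other.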

A Holistic Network Security Approach

The vision for a more secure network is a holistic approach that automates the processing and analysis of threat information from many different sources. A system like this would rapidly detect network threats and then respond with a coordinated effort. These would be labor-intensive and time-consuming tasks to perform manually, but an automated process makes the security response almost instantaneous.

By standardizing threat information and command and control language and using open architecture, global cooperation is possible. This not only strengthens network security, but it also helps government agencies prevent breaches—all without adding to the payroll. The technology exists today to make this vision a reality, which should be pursued to maximize the safety of government and citizen data.
