Decentralised Marketplace for Cyber Threat Information

As stated in a 2019 cyber-crime study conducted by Accenture [1], there is a growing trend in the financial loss that different cyberattacks would incur on organizations. This study also predicted that in the next five years cyber threats would jeopardize the assets of companies exposed to this class of attacks with the estimated value of 5.2 trillion dollars. Thereby, the numbers mentioned above highlight the definite need for robust and reliable procedures aimed at securing organizations and critical infrastructure against complex cyberattacks.

The standard information security mechanisms and technologies such as firewalls have been widely deployed in critical infrastructures as mitigation for malicious activities, they are nevertheless inadequate to counter correlated and sophisticated cyberattacks [2].

A vast majority of organizations collectively agreed that sharing Cyber Threat Information (CTI) is one of the most effective solutions to combat modern adversaries [3]. This statement had been backed by the SANS study [4], in which about 81% of security experts mentioned that they leverage shared CTI to achieve better cyber-security resilience. Furthermore, in the same study SANS demonstrated that the volume of produced and consumed threat information has been continuously increasing over the last few years. This trend implies a massive growth in the number of organizations that are actively contributing to sharing information.

Establishing a successful CTI sharing system relies on several factors. For this reason, the National Institute of Standard and Technology (NIST) defined a set of guidelines for effective CTI sharing. Additionally, it attributed the reluctance of organizations to share threat information to the following factors: trust issues, privacy concerns particularly regarding classified and personal data, lack of automated and interoperable sharing mechanisms, the asymmetry between CTI publisher and consumer, reliability of a shared information, regulation, and traceability issues [5].

To support the described requirements, several voluntary and community-driven CTI sharing platforms such as historic incidents and Open-Source Intelligence (OSINT) have been established. Additionally, legislation institutes such as NIST defined a set of guidelines and directives concerning sharing threat information. Consequently, organizations particularly the operators of essential services are obliged to comply with these directives or otherwise they would face punishments. These strict regulations are commonly put into practice after the failure of voluntary approaches aimed at sharing threat information among different organizations in a timely and actionable manner.

To address the inherited deficiencies in the above approaches, the CTI marketplace was proposed as a win-win approach with novel incentive models [6]. In the PHOENIX project, a blockchain-based CTI marketplace is developed that leverages blockchain technologies to establish trusted relationships between CTI producers and consumers while incentivizing the producers to share their information. More precisely, this solution enables trusted and transparent relationships between different participants through the immutable logs and consensus engine provided by the blockchains. This novel CTI exchange model also incentivizes CTI producers through rewards which may come in different forms such as money and reputation scores. Furthermore, it leverages smart contracts to automate the whole process of data exchange. The marketplace shares CTI only with authorized partners. Besides, it ensures that the integrity of CTI is preserved while exchanging between diverse participants. To comply with the GDPR, particularly personal right to be forgotten, as well as to minimize the performance loss, the full CTI record would be stored in the conventional database while the hash of the threat information would be recorded in the blockchain and later would be used for the integrity check.


[1] Bissell, K.; Lasalle, R.M.; Dal Cin, P. The cost of cybercrime—Ninth annual cost of cybercrime study.Ponemon Institute andAccenture Security. https://www. accenture. com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final. pdf# zoom2019,50

[2] Leszczyna, R.; Łosi ́nski, M.; Małkowski, R. Security information sharing for the polish power system. 2015 Modern ElectricPower Systems (MEPS). IEEE, 2015, pp. 1–6.

[3] Luiijf, H.; Kernkamp, A. Sharing cyber security information: Good practice stemming from the dutch public-private-participationapproach2015

[4] Brown, S.; Gommers, J.; Serrano, O. From cyber security information sharing to threat management. Proceedings of the 2ndACM workshop on information sharing and collaborative security, 2015, pp. 43–49.

[5] Johnson, C.; Badger, L.; Waltermire, D.; Snyder, J.; Skorupka, C.; others. Guide to cyber threat information sharing.NIST specialpublication2016,800

[6] Riesco, R.; Larriva-Novo, X.; Villagrá, V.A. Cybersecurity threat intelligence knowledge exchange based on blockchain.Telecom-munication Systems2020,73, 259–288

This project has received funding from the European Union’s Horizon 2020 research and Innovation programme under grant agreement N°832989. All information on this website reflects only the authors' view. The Agency and the Commission are not responsible for any use that may be made of the information this website contains.

Sign up to our newsletter