26 February 2021. The Spanish Association for Standardization, UNE, has published Standard UNE 320002 Confidence-building architecture for the exchange of Cyber Threats Intelligence, thus making it the first global standard on Cyber Threat Intelligence management and sharing models.
UNE helps Spanish companies to achieve successful digital transformation, through standards that establish a common language and provide security and confidence in products and services, through robust and reliable frameworks.
The UNE 320002 Standard defines the reference framework for the design, governance and monitoring of the performance and reliability of Cyber Threat Intelligence exchange networks. Standardised models provide companies with greater guarantees and confidence in this area.
The impact of global cybercrime on companies and organisations has not stopped growing in recent years, with increasingly sophisticated attacks being carried out with more organised collaboration among the different actors, and a production chain that is becoming increasingly specialised. In this context, the need to acquire global knowledge or intelligence from companies and organisations in order to minimise risks has become an obligation.
The lack of confidence of companies in the different cybersecurity intelligence sharing ecosystems is precisely one of the main obstacles to overcome in order to cover this need. In this regard, the Spanish Standard UNE 320002 includes a series of concepts and processes for designing, governing and monitoring shared architectures that allow the creation of an ecosystem of guarantees and trust for the entities that make up the network.
This standard has been developed in the UNE Technical Committee for Standardisation CTN320, within SC4, with the participation and consensus of all parties involved.
The publication of the standard is the culmination of an intense project that began in July 2019 with the creation of the ACIIC Working Group of CTN 320/SC 4 'Trusted Architectures for the Exchange of Cyber-threat Intelligence,' which has responsible for drafting the standard. This joint effort by a group of Spanish experts to draw up the standard represents a major milestone. More than 20 meetings have been held for its development, both face-to-face and online. Technical neutrality has required experts to make an additional effort to provide a neutral vision that allows the creation of the right conditions for a Cyber Threat Intelligence Exchange ecosystem.
UNE 320002 is a milestone, not only for being the first standard of this UNE standardisation working group, but as the first global standard on the management and sharing of Cyber Threat Intelligence.
This standard will serve as the basis for the future development of other regulatory references in the field of cyber intelligence. In this regard, it will be proposed for the international ISO standard in the coming weeks.