
Oliver Väärtnõu: Project VORMSI

Oliver Väärtnõu
CEO
Cybernetica AS
Estonia


“Deep knowledge is to be aware of disturbance before disturbance, to be aware of danger before danger, to be aware of destruction before destruction, to be aware of calamity before calamity.”
― Sun Tzu, The Art of War

In a globalizing society, regular cyber security information exchange between organizations and countries is an important foundation of cyber protection. Cyber-attacks do not necessarily occur regionally. Attacks that start in one region can easily spread and directly or indirectly affect other regions, with potentially global implications. Information exchange and cooperation between governments and organizations is crucial for both regional and global cyber security.

Cyber security information exchange builds upon the notion of situational awareness in the battlespace. Dr. Mica Endsley, Chief Scientist of the United States Air Force and one of the key developers of the discipline, defines situational awareness in her 1995 publication "Toward a theory of situation awareness in dynamic systems" as “the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future”. She also describes in detail the three levels of situational awareness formation: perception, comprehension, and projection. In essence, these outline the steps from simple monitoring and recognition to data synthesis (pattern recognition, interpretation) to the projection of future planning activities.

Although there are today quite a few endeavors developing platforms for cyber situational awareness (see, for example, the EDA project ECYSAP) or, more specifically, for the exchange of cyber information (e.g. the NIS2 directive-based activities pursued by ENISA and the European Commission), such exchange has not yet become a standard or a standardized practice: there are no universal message formats and processes, and various protocol and security issues need to be resolved. These include the sensitivity and detail of the information to be exchanged, as well as reaction rates and processes in active attacks.

In 2016, the US and Estonian defense ministries signed a defense research and development agreement, the purpose of which was to launch a cyber threat information exchange system between the US Air Force and the Estonian Defense Forces. To this end, in 2019, the Estonian Center for Defense Investments signed a framework agreement with Cybernetica AS, an Estonian IT research and development company.

The project was named VORMSI, referring both to an Estonian island and to key characteristics that the future system would need to encompass. More specifically, the cooperation partners in Estonia and the USA focus on the development of the following artefacts:

  • Collect information on existing processes, standards, technologies, etc., and also develop novel messaging formats;
  • Reach a common understanding of the meaning of cyber situational awareness (what information should be exchanged, and how);
  • Propose optimal technical solutions (existing or new) that take into account the necessary functionalities, security guarantees, limitations, etc.;
  • Create a solution that would enable initial exchange of information between parties;
  • Create documentation, standards, and reference solutions that can be used by other partners to join the information exchange.

Today the NATO alliance has no standardized message formats for cyberspace-related information. This means that information sharing, as well as building the proper automation tools to enable timely, efficient information and intelligence sharing, is challenging. Namely, the message protocol APP-115 includes standards for all other domains but does not include cyber. James Reilly, U.S. Air Force Research Laboratory cyber message standardization project manager, has commented that “NATO Article 5 calls for collective defense and we need standardization of our cyber data exchange formats to enable collective cyber defense.”

The 6-year project “Project VORMSI” has lasted for four years. The COVID-19 pandemic slowed progress somewhat, but today the partners are determined to remain within the original timeline. We are roughly at the midway point of the project: a minimum viable product has been presented, and integration with local systems has come into focus. The software is being put to use in numerous training sessions and cyber exercises. This will continue in the coming year(s).

U.S. Air Force Lt. Col. Charles Gruver, 275th Cyberspace Operations Group director of operations, stated in one of his interviews: “The relationship we have built over the years with the cyber professionals in the Estonian Defense Force has been an incredible asset as we move through the process of creating an information sharing platform that will eventually have benefits to our NATO partners and beyond”. “The work we are doing now will help the United States and our allies exchange cyber information in an efficient and effective manner during peace time or during active cyber threats.” The ultimate goal is exactly that: a cyber threat exchange system for the allied countries.