US, Japanese companies collaborate on cyber

The US arm of BAE Systems announced on 16 March that it is entering into a partnership with Japan’s Fujitsu to implement a Cyber Threat Intelligence (CTI) sharing system.

The system aims to demonstrate the value of sharing cyber threat information internationally using industry standards and open source tools as a means of improving an organisation’s overall cyber defences. 

The companies believe that CTI sharing is becoming increasingly critical to improving the effective cyber defence capabilities of organisations. There have been a variety of recent large-scale information thefts that have prompted new legislation and policies. These call for government and commercial entities to share intelligence of potential cyber threats to improve overall defence.

The cyber threat intelligence sharing system that has been developed aims to aid universal protection across both physical and virtual worlds. The technology is based on the internationally approved Structured Threat Information eXpression (STIX) and Trust Automated Exchange of Indicator Information (TAXII) standards.

The system allows for a secure, two-way exchange of CTI between BAE Systems and Fujitsu. It also provides an innovative, model-based data protection framework that enforces sharing policies to prevent private corporate data from being exchanged. It allows BAE Systems and Fujitsu cyber analysts to review shared cyber threat intelligence, modify their security settings to their respective networks, and adjust what types of cyber threat intelligence they wish to share with their partners, creating an agile CTI management framework.

Peder Jungck, chief technology officer, BAE Systems’ intelligence and security sector, said: 'This partnership builds upon our strong working relationship with Fujitsu. As a team, we’re producing some of the most cutting-edge solutions to manage our customers’ defence and security needs, regardless of the industry.'