TY - JOUR
T1 - An Interledger Blockchain Platform for cross-border Management of Cybersecurity Information
AU - Neisse, Ricardo
AU - Hernandez-Ramos, Jose Luis
AU - Matheu-Garcia, Sara Nieves
AU - Baldini, Gianmarco
AU - Skarmeta, Antonio
AU - Siris, Vasilios
AU - Lagutin, Dmitrij
AU - Nikander, Pekka
PY - 2020/5/1
Y1 - 2020/5/1
N2 - Cybersecurity certification is a core notion to support the mitigation of cybersecurity risks of Information and Communication Technologies (ICT). At the European Union (EU) level, the Cybersecurity Act establishes a common cybersecurity certification framework supporting the coexistence of different certification schemes across Member States. However, its realization needs to be sustained by technical approaches to enable ICT stakeholders from different sectors or countries to exchange cybersecurity information and evaluate the up-to-date security level of an ICT system throughout their lifecycle. Toward this end, we propose a blockchain-based platform using a novel interledger design, where ledgers associated with ICT artifacts, cybersecurity certificates, and vulnerabilities are interconnected. The main purpose is to leverage the advantages of blockchain in terms of distributed trust, transparency, and accountability, while at the same time coping with scalability, performance, and interoperability requirements. We analyze the impact of our platform in the current EU legislation and provide insights for its deployment.
KW - Blockchain
KW - Cybersecurity Certification
KW - Interledger
UR - http://www.scopus.com/inward/record.url?scp=85086715867&partnerID=8YFLogxK
U2 - 10.1109/MIC.2020.3002423
DO - 10.1109/MIC.2020.3002423
M3 - Article
AN - SCOPUS:85086715867
SN - 1089-7801
VL - 24
SP - 19
EP - 29
JO - IEEE Internet Computing
JF - IEEE Internet Computing
IS - 3
M1 - 9119756
ER -