In the contemporary interpretation of deterrence theory, maintaining high-level resilience against cyber attacks is one of two pillars of cyber deterrence posture. Penetration testing activities constitute the technical foundation of improving overall cyber resilience posture, apart from known vulnerabilities and threats. In practice, it is tremendously difficult to cover penetration testing requirements of the whole spectrum of many military systems. A new research paper on ‘Information Sharing Platform for Penetration Testing’ by NATO CCDCOE researchers Ihsan Tolga and Gunnar Faith-Ell presents an overview of the current situation regarding this sharing and aims to investigate whether it is possible to benefit from sharing information about penetration testing, examining the potential gains and associated costs.
The variety of alike systems used by different entities, existing partnerships and collaboration mechanisms between actors, and the lessons from previous similar challenges, present an opportunity in this regard. The researchers at the NATO CCDCOE have found that developing an environment in which different actors share the findings and results of their own penetration testing activities with their partners to improve their overall resilience appears to be a promising attempt.
The paper tracks the likely challenges and possible remedies, drawing a scope with respect to legal constraints, and will suggest some draft standards as the first step towards an operative penetration testing platform. As such, this paper serves as a valuable resource for allied nations’ militaries, whose aim is to enhance their cyber resilience posture. This aim, which requires extensive resources for penetration testing activities, can benefit from a collaboration framework to reduce overlapping efforts.
‘Information Sharing Platform for Penetration Testing’ paper is available online at CCDCOE’s library. This research paper is an independent product of the CCDCOE and does not represent the official policy or position of NATO or any of the CCDCOE´s Sponsoring Nations.
The NATO Cooperative Cyber Defence Centre of Excellence is a NATO-accredited knowledge hub, research institution, and training and exercise facility. The Tallinn-based international military organisation focuses on interdisciplinary applied research, as well as consultations, trainings and exercises in the field of cyber security.