Beyond Silos – Unifying Military and Civilian Cyber Threat Intelligence for National Security

Authors

  • Budi Dhaju Parmadi, Department of Electronic Engineering, University of Indonesia, Depok, Indonesia
  • Kalamullah Ramli, Department of Electronic Engineering, University of Indonesia, Depok, Indonesia

DOI:

https://doi.org/10.31436/ijpcc.v12i1.575

Keywords:

Cyber Threat Intelligence, STIX Metadata Extensions, National Cybersecurity, Military-Civilian Integration, Threat Intelligence Sharing

Abstract

Cyber Threat Intelligence (CTI) is still divided between the military and civilian environments, which hinders collaboration and hampers the response to advanced cyber threats. Military frameworks (e.g., JP 3-12, AFI 14-133, Cyber Kill Chain) are focused on classified information and state actors, whereas civilian models (e.g., NIST 800-150, MITRE ATT&CK, FS-ISAC) are based on standardization, transparency, and sector-specific incident response. This paper outlines a Hybrid Military-Civilian CTI model that combines Structured Threat Information eXpression (STIX) 3.0 metadata extensions, Artificial Intelligence (AI)-assisted correlation mechanisms, and federated cross-sector playbooks to solve these issues. Enhanced tagging, classification-aware sharing, and automated threat mapping are introduced to streamline secure, real-time CTI exchange. The approach improves adversary profiling, accelerates incident response, and enhances national cyber resilience. This model advances the strategic convergence of defence and civilian cybersecurity and offers a replicable framework for nations facing increasingly hybrid cyber conflicts.

Published

30-01-2026

How to Cite

Parmadi, B. D., & Ramli, K. (2026). Beyond Silos – Unifying Military and Civilian Cyber Threat Intelligence for National Security. International Journal on Perceptive and Cognitive Computing, 12(1), 34–46. https://doi.org/10.31436/ijpcc.v12i1.575