Challenges and Opportunities for Cross-Domain Cyber Threat Intelligence Sharing Towards Whole-of-Society Resilience

Abstract

The increasing sophistication, frequency, and scale of cyberattacks means that societies cannot rely on isolated and uncoordinated defences but should embrace collaboration and intelligence sharing to remain cyber resilient. In many countries intelligence sharing lies at the heart of national security architecture and is embedded in strategies and in legislation, such as USA’s Cybersecurity Information Sharing Act or the Australia’s Security of Critical Infrastructure Act. In cybersecurity, cyber threat intelligence (CTI) is data created through the careful analysis of cyber threats and adversary behaviours to produce high-quality, timely, actionable, and relevant insights, allowing organizations to confidently anticipate, detect, prevent, and respond to cyberattacks. CTI provides critical insights into potential threats, enabling real-time responses during incidents, targeted mitigation strategies, and rapid recovery. Cross-domain CTI sharing plays a key role in breaking down silos, fostering cooperation across industries and sectors thus giving recognition to the interconnected nature of today’s digital landscape, where a cyber threat in one domain can cascade into and impact other domains. By sharing actionable CTI, organizations can collectively identify vulnerabilities, respond to threats in real time, and protect critical societal functions such as healthcare, finance, energy, and communication while strengthening the overall resilience of interconnected systems. Around the world, enhancing CTI sharing has become increasingly critical and remains a key driver for societal cyber resilience, enabling organizations, communities, and individuals to anticipate, withstand, recover from, and adapt to and thrive amid the ever-evolving complexities of the cyber threat landscape. This study examines the challenges and opportunities for cross-domain CTI sharing through a comprehensive systematic review of literature, focusing on key issues such as protecting sensitive data from adversaries when shared outside every trusted organization in the system, building trust among diverse stakeholders, navigating governmental regulations, and ensuring seamless interoperability to enable stakeholders to remain in sharing and using CTI. The research underscores how collaboration across industries and sectors can foster a stronger, more unified defence against the ever-evolving threats in today’s cyber landscape.