Implementing CTI Exchange: A Framework for the DYNAMO Project Pilot Phase

Abstract

Effective Cyber Threat Intelligence (CTI) exchange is essential for strengthening cybersecurity resilience across critical sectors such as healthcare, energy, and maritime. While theoretical CTI governance models exist, their real-world implementation remains challenging due to issues with trust, compliance, interoperability, and real-time collaboration. This paper aims to address these challenges by proposing a practical knowledge transfer framework for the pilot phase of CTI Exchange governance implementation. Building on two prior research studies that developed a CTI exchange governance model specifically tailored for the DYNAMO platform, this paper focuses on putting that model into practice. By utilizing the insights and methodologies from previous work, the study presents a structured approach to applying, testing, and refining governance principles in real-world settings, ensuring effective operationalization of the model through the DYNAMO platform's capabilities. The DYNAMO project, an EU initiative, offers a comprehensive approach to cyber resilience and business continuity, providing organizations with tools and strategies for threat intelligence generation, analysis, and dissemination. The proposed framework includes strategies for piloting DYNAMO tools with pilot preparation, stakeholder engagement, sector-specific governance adaptations, and evaluation metrics. It also defines clear roles and responsibilities to support consistent application of governance mechanisms, with continuous refinement based on empirical feedback. The framework also emphasizes the importance of cross-sector collaboration, ensuring that various stakeholders, including governmental bodies, private organizations, and technical experts, are actively involved throughout the process. Tailored guidelines for the healthcare, energy, and maritime sectors address sector-specific regulatory and operational challenges. Although the pilot phase has not yet been executed, the guidelines presented here provide a robust roadmap for preparing, launching, and iteratively refining CTI exchange pilots. Ultimately, this work lays the foundation for scalable, secure, and compliant CTI-sharing governance that enhances collaboration and cyber resilience across critical infrastructure environments.