Dear All,
we are planning on submitting a paper to the ECCWS conference (19th European Conference on Cyber Warfare and Security, 25 - 26 June 2020, Chester, UK).
We request to acknowledge SPARTA if the paper is accepted.
Here is the title and abstract of the paper:
Title:
*Information Sharing in Cyber Defence Exercises*
Abstract
Availability and easy access to sophisticated cyber penetration testing tools enable exploitation of vulnerabilities in different systems globally. Cyber attacks are executed by various actors – from script kiddies to state organisations. Repetitive nature and recognisable signatures of attacks raise demand for effective information sharing. Timely warnings about cyber incidents in other systems make it possible to identify related attacks locally. Early identification could save a substantial amount of money and time. International cyber community supports several commercial and open-source threat information sharing platforms. Efficient use of these systems depends both on the quality of submitted information and the ability of the security specialist to receive, interpret, and integrate indicators of compromise into local defence systems. Business stakeholders tend to emphasise the importance of threat hunters, while the information-sharing aspect is overlooked. Therefore, there is a need for professionals who can assess risk levels of cyber incidents in a broad context and share concise information with team members, superiors, relevant institutions, and community. The complex nature of cyber attacks raised the popularity of live cyber defence exercises (CDX), where cybersecurity specialists are trained using simulated real-life scenarios. However, the exercises are mostly oriented towards the development of technical competences.

This paper addresses the problem of proper development of information sharing competence during the CDX. We performed a case study of two annual international CDX. Research data were collected using several techniques. First, the participants filled in pre-event and post-event questionnaires. Additionally, each defending team was continuously observed by a dedicated evaluation team member. Finally, incident reports in short and long forms were gathered. We distinguished challenges related to internal team collaboration, information sharing among the teams, and reporting to relevant authorities. Based on the findings, we present a methodology to integrate information sharing into the planning and execution of CDX. The methodology encompasses activities, scoring strategies, scenario recommendations, tools, and communication-encouragement components. The presented enhancement creates an observable added value to the CDX training event.
Keywords:
Cyber defence exercises, incident information sharing, indicators of compromise, collaborative defence
Sincerely,
*Dr. Aušrius Juozapavičius*
*Head of Department of Defence Technologies*
*The General Jonas Žemaitis Military Academy of Lithuania*
*Tel.: +370 5 210 3555*
<http://www.lka.lt/>
<https://www.facebook.com/KaroAkademija/>
<https://www.youtube.com/channel/UCwDc7dsEQFc4lIakZqbSiig>