HERMES

CONCEPT & METHODOLOGY

The HERMES Data Exchange Platform (DXP) will provide a foundation for a disruptive paradigm shift in autonomous military systems by addressing the challenge of feeding cyber situational awareness and autonomous cyber response systems with relevant and appropriate cybersecurity information that is essential for cyber information superiority and improving the ability of cybersecurity applications to interoperate and function autonomously in a reliable manner.

Standards development is long and costly, a significant drawback for the field of cybersecurity, which is fast-moving and financed with parsimony, and therefore more focused on immediate needs than innovative approaches. Data modelling in cybersecurity is also more difficult than in the conventional military domain because the realities to be modelled are not as well understood. To make matters worse, sensitivity of data, reputation and liability concerns, and privacy regulations further complicate information sharing efforts and collaboration. The result is that collaboration and information sharing are by far sub-optimal, existing trust relationships and mutual benefit situations are not exploited and outsourcing of data management activities to leverage specialization is very limited.

Addressing these domain-specific constraints is a common problem for all seeking to exchange data and collaborate. Most communities continue to follow the traditional approach based on interoperability standards, with each then expending time and resources individually to build their own systems to address the exact same problems they face. These systems become far less effective because they are constrained by the need to meet the agreed standards which become difficult to evolve, and collectively far more expensive as everyone tackles the same challenges separately instead of working together towards a common solution.

With HERMES, a line is drawn between the concerns of data representation, storage and exchange, and the concerns related to the uses made of exchanged data. HERMES looks at all data just as data, regardless of the use made of it. It recognizes that data format (syntax and semantics) needs to change at different paces for different participants to an exchange. It recognizes that exchange of cybersecurity data is far more complex than most people realize and tackles this complexity head-on. HERMES is a foundational system intended to be available to all, a joint effort to address the full set of common problems faced by all. By disassociating management and use of data, HERMES offers the opportunity for applications to obtain their data from a common system that takes care of the common data representation, storage and exchange issues. This is a significant effort saved by all, and the savings can be applied to developing better applications for individual and specific needs.

In terms of nomenclature, HERMES and the HERMES Data Exchange Platform are used interchangeably. The term “Data Exchange Platform” is abbreviated DXP and has been chosen for the following reasons:

Data

Because the primary usage of the information held in HERMES is automated and autonomous therefore relevant and timely data is required

Exchange

Because one of the key strengths of HERMES is to facilitate the exchange of data across cybersecurity solutions, organisational boundaries, and security domains

Platform

To stress the fact that HERMES is not a cybersecurity tool per se, but rather a foundational system that provides data to cybersecurity applications