2025

Rajamäki, Jyri; Nepal, Anup

Cyber threats continue to escalate in complexity and frequency, underlining the need for effective Cyber Threat Intelligence (CTI) exchange to secure critical infrastructures across various sectors. However, the sharing of CTI is often impeded by concerns relating to security, trust, compliance, and coordination among stakeholders. Existing frameworks such as NIST’s Risk Management Framework (RMF) and ENISA’s CTI Maturity Model provide foundational guidance. Still, they are inadequate in fully addressing the sector-specific challenges realised by industries such as healthcare, energy, and maritime. This paper explores the need for a governance framework for CTI exchange by analysing existing literature, frameworks and use cases from critical sectors. The objective is to identify areas where governance is essential for ensuring secure, efficient, and compliant CTI exchange, with a particular focus on sector-specific challenges. The DYNAMO project, a European Union initiative, serves as a key case study for demonstrating how governance principles can be integrated into practical CTI exchange systems. The governance needs for CTI exchange are examined across six phases of the resilience cycle i.e. Prepare, Prevent, Protect, Respond, Recover, and Learn & Adapt. This analysis highlights how a structured governance framework can enhance the effectiveness, security, and compliance of CTI exchange in critical infrastructure sectors. By aligning governance principles with each phase of the resilience cycle, the paper demonstrates how sector-specific challenges can be addressed through improved coordination, regulatory adherence, and continuous learning. The paper concludes that while existing frameworks provide a solid foundation, sector-specific governance models are needed to address the unique risks and regulatory requirements of critical infrastructures. As DYNAMO’s tools are piloted in healthcare, energy, and maritime sectors, future research will focus on validating the proposed governance model through real-world applications, ensuring that it is adaptable to evolving cyber threats and sectoral needs.