Traffic Light Protocol (TLP) 2.0 Threat Intel Sharing Standard Now Available for Cyware Customers


In modern security operations, security teams and decision-makers at every level constantly communicate and collaborate by sharing threat intelligence over multiple channels. This sharing also occurs across organizational boundaries and poses security risks if not managed properly. This is why the security industry adopted the Traffic Light Protocol (TLP), an easy-to-understand and useful standard to govern information disclosure practices.
In its push to foster the growth of intelligence sharing, the Cyware Situational Awareness Platform (CSAP) has become one of the earliest adopters of the new TLP 2.0 standard recently launched by the Forum of Incident Response and Security Teams (FIRST). TLP 2.0 provides more granular control over threat intelligence sharing and is more user-friendly than the previous version.
Why is this important?
- Greater control over information disclosure: Through the use of the new TLP 2.0 standard, organizations can practice threat information sharing while establishing coherent and consistent boundaries to avoid misuse of any sensitive information.
- Building trust in intel sharing communities: The inclusion of the TLP 2.0 standard in the CSAP helps improve the flow of threat information among security teams, decision makers, partner organizations, or sharing communities like ISACs/ISAOs in a controlled and trusted way.
- Improved risk communication: The designation of shared information using the TLP 2.0 standard also helps all stakeholders within an organization reduce the chances of human error that could lead to improper disclosure of information.
- Better accessibility: CSAP makes information sharing more accessible for organizations worldwide with the new TLP 2.0 standard, which brings enhancements aimed at helping non-native English speakers and providing consistent language, terminology, and definitions for the cybersecurity community.
What is new in TLP 2.0?
The TLP 2.0 standard comprises four designations and a sub-designation:
- TLP:CLEAR - No limits on disclosure. 
- TLP:GREEN - Limited disclosure within the community. 
- TLP:AMBER - Limited disclosure on a need-to-know basis within the organization and with clients. 
- TLP:AMBER+STRICT - Limited disclosure on a need-to-know basis only within the organization. 
- TLP:RED - No further disclosure beyond an individual recipient. 
The TLP:WHITE designation has been renamed to TLP:CLEAR in the latest standard, and a new TLP:AMBER+STRICT designation has been added to mark information that is restricted to the recipient’s organization only. The standard also now contains a color table with RGB, CMYK, and hexadecimal color codes.
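As an added example (not part of the original post and not Cyware or FIRST code), the sketch below normalizes incoming TLP labels, including the legacy TLP:WHITE name, and applies the disclosure boundaries listed above before an alert is released. The `Audience` tiers, the function names and the sample alerts are assumptions made for illustration.

```python
import re
from enum import IntEnum

class Audience(IntEnum):
    """Hypothetical audience tiers, ordered narrowest to widest."""
    RECIPIENT = 0     # the individual recipient only
    ORGANIZATION = 1  # the recipient's own organization
    CLIENTS = 2       # the organization plus its clients
    COMMUNITY = 3     # the wider sharing community, e.g. an ISAC
    PUBLIC = 4        # unrestricted disclosure

# Widest audience each TLP 2.0 label permits, following the list above.
# "Need-to-know" under AMBER is a human judgment and is not modelled here.
MAX_AUDIENCE = {
    "TLP:RED": Audience.RECIPIENT,
    "TLP:AMBER+STRICT": Audience.ORGANIZATION,
    "TLP:AMBER": Audience.CLIENTS,
    "TLP:GREEN": Audience.COMMUNITY,
    "TLP:CLEAR": Audience.PUBLIC,
}
LEGACY = {"TLP:WHITE": "TLP:CLEAR"}  # renamed in TLP 2.0

def normalize_tlp(raw):
    """Return the canonical TLP 2.0 label, or None if unrecognized."""
    if not isinstance(raw, str):
        return None
    label = re.sub(r"\s+", "", raw).upper()
    if not label.startswith("TLP:"):
        label = "TLP:" + label
    label = LEGACY.get(label, label)
    return label if label in MAX_AUDIENCE else None

def may_share(raw_label, audience):
    """True only if the label is recognized and permits this audience."""
    label = normalize_tlp(raw_label)
    if label is None:
        return False  # fail closed on missing or malformed labels
    return audience <= MAX_AUDIENCE[label]

def filter_for_audience(alerts, audience):
    """Keep only alerts whose label allows disclosure to the audience."""
    return [a for a in alerts if may_share(a.get("tlp"), audience)]

# Constructed sample alerts (not real data).
SAMPLE_ALERTS = [
    {"id": 1, "tlp": "TLP:WHITE"}, {"id": 2, "tlp": "tlp:green"},
    {"id": 3, "tlp": "TLP:AMBER"}, {"id": 4, "tlp": "amber + strict"},
    {"id": 5, "tlp": "TLP:RED"}, {"id": 6, "tlp": "internal"},
]
```

Alerts with a missing or unrecognized label are withheld from every audience, so a mislabeled item is not disclosed by default.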
While sharing alerts in CSAP, users will be able to use the latest TLP designations to appropriately classify information based on its relevance and confidentiality requirements for the recipients.
**The bottom line**
CSAP helps large enterprises and information sharing communities (ISACs/ISAOs) establish precise control over the sharing of sensitive threat intelligence and real-time alerting based on role, location, and industry sector. As ISACs and ISAOs across healthcare, retail, energy, space, aviation, automotive, and other sectors continue to leverage CSAP for sharing intelligence with their member organizations and for ISAC-to-ISAC sharing, the addition of the TLP 2.0 standard creates a modernized and reliable threat information sharing workflow. While the evolving threat landscape may continue to challenge defenders, Cyware has once again given organizations a new and improved way to share information while working collaboratively to counter shared cyber threats.
