From the course: Cybersecurity Foundations

The Traffic Light Protocol

- [Instructor] As cybersecurity collaboration between governments and private industry and other nations has grown, it became apparent there was a need for managing information exchange without resorting to national classification schemes. Information needed to flow freely to those that needed it but not be accessible to the point where it compromised the global cybersecurity activities it was intending to assist. This led to the creation of a scheme called the Traffic Light Protocol, which adds markings to information being exchanged to indicate how freely the information can be shared. There are four marking levels, three of which reflect the colors used in traffic lights.

White: where information is marked white, this information can be freely shared as there is no risk of misuse.

Green information can be circulated widely within the recipient's sector community, but not via publicly accessible channels, such as an open website. An example of this would be sharing a sector-specific malware analysis.

Information marked TLP Amber can be shared with members of the recipient's organization and with clients or customers who need the information to protect themselves. Once again, this information should not be shared via publicly accessible channels. This form of information might include such items as sensitive indicators of compromise.

And Red, this is the highest level of marking in the protocol, and it's used when information is intended for the recipient only. This may be an individual or a committee. Unauthorized disclosure of TLP Red information could lead to impacts on a party's privacy, reputation, or operations if misused. Examples of TLP Red might include tentative attribution of a cyber attack.

ENISA provides more detailed information on what we might need to think about when we receive TLP-marked information.
