Generating and sharing cyber threat intelligence in industrial control systems

Overview

Cyber threat intelligence (CTI) is the knowledge about a threat, and it includes threat indicators such as Tactics, Techniques, and Procedures (TTPs), IPs, etc. CTI can help organisations to learn about existing threats. Cyber threat intelligence can be received from external open-source threat intelligence or it can be extracted from adversarial activities in organisations’ networks. The CTI generated will be used to build intelligence about threats against a given target.

In cyber threat intelligence, indicators of compromises (IoCs) are generated. These IoCs of the detected adversary can be processed and distributed by CTI sharing techniques like blockchain. This technique is utilised to share IoCs of attacks and vulnerability information, and it allows security analysts to use CTI information from other companies and share back their IoCs with other trusted partners. These shared IoCs can be used to update detection rules and blacklists in security devices like firewalls.

This project will investigate how threat intelligence IoCs can be created and shared for new emerging attack TTPs using blockchain. In addition, this project aims to design and implement a blockchain-based CTI sharing solution.

Research activities

• Review existing blockchain-based designs for CTI sharing and identify gaps in the current solutions.
• Design a blockchain-based CTI sharing solution to address the identified gaps.
• Implement the proposed solution.

Outcomes

• Review existing blockchain-based designs for CTI sharing and identify gaps in the current solutions
• Design a blockchain-based CTI sharing solution to address the identified gaps.
• Implement the proposed solution.

Skills and experience

Knowledge of computer networks and blockchain.

Keywords

• cyber threat intelligence
• blockchain
• Industrial control systems

Contact

Contact the supervisor for more information.