TY - GEN
T1 - Towards the adoption of automated cyber threat intelligence information sharing with integrated risk assessment
AU - Valdés Ríos, Valeria
AU - Zaidi, Fatiha
AU - Cavalli, Ana Rosa
AU - Rego, Angel
N1 - Publisher Copyright: © 2024 ACM.
PY - 2024/7/30
Y1 - 2024/7/30
N2 - In the domain of cybersecurity, effective threat intelligence and information sharing are critical operations for ensuring an appropriate and timely response against threats, but they are limited in automation, standardization, and ease of use in current platforms. This paper introduces a Cyber Threat Intelligence (CTI) Information Sharing platform, designed for critical infrastructures and cyber-physical systems. Our platform integrates existing cybersecurity tools and leverages digital twin technology, enhancing threat analysis and mitigation capabilities. It features an automated process for disseminating standardized and structured intelligence, utilizing the Malware Information Sharing Platform (MISP) for effective dissemination. A significant enhancement is the integration of risk assessment tools, which enriches the shared intelligence with detailed risk information, supporting informed decision-making. The platform encompasses a user-friendly dashboard and a robust backend, streamlining the threat intelligence cycle and transforming raw data coming from diverse sources into actionable insights. Overall, the CTI4BC platform presents a solution to overcome challenges in CTI sharing, contributing to a more resilient cybersecurity domain.
KW - Automation
KW - Cyber Threat Intelligence
KW - Cyber-Physical Systems
KW - Cybersecurity
KW - Information Sharing
KW - Standardized Threat Intelligence
UR - http://www.scopus.com/inward/record.url?scp=85200415789&partnerID=8YFLogxK
U2 - 10.1145/3664476.3670444
DO - 10.1145/3664476.3670444
M3 - Conference contribution
AN - SCOPUS:85200415789
T3 - ACM International Conference Proceeding Series
BT - ARES 2024 - 19th International Conference on Availability, Reliability and Security, Proceedings
PB - Association for Computing Machinery
T2 - 19th International Conference on Availability, Reliability and Security, ARES 2024
Y2 - 30 July 2024 through 2 August 2024
ER -