Threat intelligence platform for the energy sector

摘要

In recent years, critical infrastructures and power systems in particular have been subjected to sophisticated cyberthreats, including targeted attacks and advanced persistent threats. A promising response to this challenging situation is building up enhanced threat intelligence (TI) that interlinks information sharing and fine-grained situation awareness. In this paper, a framework that integrates all levels of TI, ie, strategic, tactical, operational, and technical, is presented. The platform implements the centralized model of information exchange with peer-to-peer interactions between partners as an option. Several supportive solutions were introduced, including anonymity mechanisms or data processing and correlation algorithms. A data model that enables communication of cyberincident information, both in natural language and machine-readable formats, was defined. Similarly, security requirements for critical components were devised. A pilot implementation of the platform was developed and deployed in the operational environment, which enabled practical evaluation of the design. Also, the security of the anonymity architecture was analyzed.