In recent years, critical infrastructures and power systems in particular have been subjected to sophisticated cyberthreats, including targeted attacks and advanced persistent threats. A promising response to this challenging situation is building up enhanced threat intelligence that interlinks information sharing and fine-grained situation awareness. In this paper a framework which integrates all levels of threat intelligence i.e. strategic, tactical, operational and technical is presented. The platform implements the centralised model of information exchange with peer-to-peer interactions between partners as an option. Several supportive solutions were introduced, including anonymity mechanisms or data processing and correlation algorithms. A data model that enables communication of cyberincident information, both in natural language and machine-readable formats was defined. Similarly, security requirements for critical components were devised. A pilot implementation of the platform was developed and deployed in the operational environment, which enabled practical evaluation of the design. Also the security of the anonymity architecture was analysed.
Authors
Additional information
- DOI
- Digital Object Identifier link open in new tab 10.1002/spe.2705
- Category
- Publikacja w czasopiśmie
- Type
- artykuł w czasopiśmie wyróżnionym w JCR
- Language
- angielski
- Publication year
- 2019