Cyber Threat Intelligence : Challenges and Opportunities

The ever increasing number of cyber attacks requires the cyber security and forensic specialists to detect, analyze and defend against the cyber threats in almost realtime. In practice, timely dealing with such a large number of attacks is not possible without deeply perusing the attack features and taking corresponding intelligent defensive actions, this in essence defines cyber threat intelligence notion. However, such an intelligence would not be possible without the aid of artificial intelligence, machine learning and advanced data mining techniques to collect, analyse, and interpret cyber attack evidences. In this introductory chapter we first discuss the notion of cyber threat intelligence and its main challenges and opportunities, and then briefly introduce the chapters of the book which either address the identified challenges or present opportunistic solutions to provide threat intelligence.Comment: 5 Page

One Breaker is Enough: Hidden Topology Attacks on Power Grids

A coordinated cyber-attack on grid meter readings and breaker statuses can lead to incorrect state estimation that can subsequently destabilize the grid. This paper studies cyber-attacks by an adversary that changes breaker statuses on transmission lines to affect the estimation of the grid topology. The adversary, however, is incapable of changing the value of any meter data and can only block recorded measurements on certain lines from being transmitted to the control center. The proposed framework, with limited resource requirements as compared to standard data attacks, thus extends the scope of cyber-attacks to grids secure from meter corruption. We discuss necessary and sufficient conditions for feasible attacks using a novel graph-coloring based analysis and show that an optimal attack requires breaker status change at only ONE transmission line. The potency of our attack regime is demonstrated through simulations on IEEE test cases.Comment: 5 pages, 5 figures, Accepted to the IEEE PES General Meeting 201

Cybervandalism or Digital Act of War? America\u27s Muddled Approach to Cyber Incidents Will Not Deter More Crises

If experts say a malicious [cyber] code \u27 has similar effects to a physical bomb, \u27 and that code actually causes a stunning breach of global internet stability, is it really accurate to call that event merely an instance of a cyber attack ? Moreover, can you really expect to deter state and non-state actors from employing such code and similarly hostile cyber methodologies if all they think that they are risking is being labeled as a cyber-vandal subject only to law enforcement measures? Or might they act differently if it were made clear to them that such activity is considered an armed attack \u27 against the United States and that they are in jeopardy of being on the receiving end of a forceful, law-of-war response by the most powerful military on the planet? Of course, if something really is just vandalism, the law enforcement paradigm, with its very limited response options, would suffice. But when malevolent cyber activity endangers the reliability of the internet in a world heavily dependent on a secure cyberspace, it is not merely vandalism. Rather, it is a national and international security threat that ought to be characterized and treated as such. Unfortunately, the United States\u27 current approach is too inscrutable and even contradictory to send an effective deterrence message to potential cyber actors. This needs to change

Is the responsibilization of the cyber security risk reasonable and judicious?

Cyber criminals appear to be plying their trade without much hindrance. Home computer users are particularly vulnerable to attack by an increasingly sophisticated and globally dispersed hacker group. The smartphone era has exacerbated the situation, offering hackers even more attack surfaces to exploit. It might not be entirely coincidental that cyber crime has mushroomed in parallel with governments pursuing a neoliberalist agenda. This agenda has a strong drive towards individualizing risk i.e. advising citizens how to take care of themselves, and then leaving them to face the consequences if they choose not to follow the advice. In effect, citizens are “responsibilized .” Whereas responsibilization is effective for some risks, the responsibilization of cyber security is, we believe, contributing to the global success of cyber attacks. There is, consequently, a case to be made for governments taking a more active role than the mere provision of advice, which is the case in many countries. We conclude with a concrete proposal for a risk regulation regime that would more effectively mitigate and ameliorate cyber risk