3,047 research outputs found

    Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem

    Threat intelligence helps businesses and organisations make the right decisions in their fight against cyber threats, and strategically design their digital defences for an optimised and up-to-date security situation. Combined with advanced security analysis, threat intelligence helps reduce the time between the detection of an attack and its containment. This is achieved by continuously providing information, accompanied by data, on existing and emerging cyber threats and vulnerabilities affecting corporate networks. This paper addresses challenges that organisations are bound to face when they decide to invest in effective and interoperable cybersecurity information sharing and categorises them in a layered model. Based on this, it provides an evaluation of existing sources that share cybersecurity information. The aim of this research is to help organisations improve their cyber threat information exchange capabilities, to enhance their security posture and be more prepared against emerging threats

    Tactics, Techniques and Procedures (TTPs) to Augment Cyber Threat Intelligence (CTI): A Comprehensive Study

    Sharing Threat Intelligence is now one of the biggest trends in the cyber security industry. Today, no one can deny the necessity for information sharing to fight the cyber battle. The massive production of raw and redundant data coupled with the increasingly innovative attack vectors of the perpetrators demands an ecosystem to scrutinize the information, detect and react to take a defensive stance. Having enough sources for threat intelligence or having too many security tools are the least of our problems. The main challenge lies in threat knowledge management, interoperability between different security tools and then converting these filtered data into actionable items across multiple devices. Large datasets may help filtering the massive information gathering, open standards may somewhat facilitate the interoperability issues, and machine learning may partly aid the learning of malicious traits and features of attack, but how do we coordinate the actionable responses across devices, networks, and other ecosystems to be proactive rather than reactive? This paper presents a study of the current threat intelligence landscape (Tactic), information sources, basic Indicators of Compromise (IOCs) (Technique) and STIX and TAXII standard as open source frameworks (Procedure) to augment Cyber Threat Intelligence (CTI) sharing

    A feasibility study: California Department of Forestry and Fire Protection utilization of infrared technologies for wildland fire suppression and management

    NASA's JPL has completed a feasibility study using infrared technologies for wildland fire suppression and management. The study surveyed user needs, examined available technologies, matched the user needs with technologies, and defined an integrated infrared wildland fire mapping concept system configuration. System component trade-offs were presented for evaluation in the concept system configuration. The economic benefits of using infrared technologies in fire suppression and management were examined. Follow-on concept system configuration development and implementation were proposed

    ADVERTISING SOFTWARE/SECURITY USAGE DESCRIPTIONS WITH POLICY RESPONSE

    Techniques are provided for an organization-maintained server which takes three inputs: (1) a set of Uniform Resource Identifiers (URIs) from Internet of Things (IoT) devices, each of which point to a manifest; (2) a set of manifests resolved from the URIs; and (3) a set of threat feeds. The server periodically compares the vulnerabilities in the threat feeds to the manifests. When a vulnerability is found, steps are taken to protect the rest of the network from the vulnerable devices until they can be remediated

    Maritime Cyber Security Incident Data Reporting for Autonomous Ships

    The main research objective of this thesis was to find a suitable data model to be used for incident reporting purposes in the use case of autonomous shipping. To reach this objective, some research into the maritime industry, autonomous shipping, and incident management and reporting was needed. Research into these topics was conducted via a literature review. After these topics were investigated, some current incident data modeling and sharing methods were researched. Out of these IODEF seemed like the most suitable one for our use case, so it was chosen for further inspection. The IODEF specification was looked into more closely and a conclusion was ultimately made that the IODEF data model is suitable for reporting incident data from autonomous ships to the shore control center. However, the model was still missing some key information needed for this use case, so an extension for the data model was designed. The data model and extension were then put to test via different use scenarios to test applicability for the needs of autonomous shipping. From these use scenarios it was inferred that the model is applicable for the many different incident data reporting needs of autonomous shipping. Further analysis and testing was then conducted, including a transport test over cellular and satellite connections. The test and analysis further validated the use of the data model. All in all, the research was a success and a good data model was found for reporting incidents from autonomous ships. The work with the data model will continue further outside this thesis

    SEE-TREND: SEcurE Traffic-Related EveNt Detection in Smart Communities

    It has been widely recognized that one of the critical services provided by Smart Cities and Smart Communities is Smart Mobility. This paper lays the theoretical foundations of SEE-TREND, a system for Secure Early Traffic-Related EveNt Detection in Smart Cities and Smart Communities. SEE-TREND promotes Smart Mobility by implementing an anonymous, probabilistic collection of traffic-related data from passing vehicles. The collected data are then aggregated and used by its inference engine to build beliefs about the state of the traffic, to detect traffic trends, and to disseminate relevant traffic-related information along the roadway to help the driving public make informed decisions about their travel plans, thereby preventing congestion altogether or mitigating its nefarious effects

    FRIEND: A Cyber-Physical System for Traffic Flow Related Information Aggregation and Dissemination

    The major contribution of this thesis is to lay the theoretical foundations of FRIEND — A cyber-physical system for traffic Flow-Related Information aggrEgatioN and Dissemination. By integrating resources and capabilities at the nexus between the cyber and physical worlds, FRIEND will contribute to aggregating traffic flow data collected by the huge fleet of vehicles on our roads into a comprehensive, near real-time synopsis of traffic flow conditions. We anticipate providing drivers with a meaningful, color-coded, at-a-glance view of flow conditions ahead, alerting them to congested traffic. FRIEND can be used to provide accurate information about traffic flow and can be used to propagate this information. The workhorse of FRIEND is the ubiquitous lane delimiters (a.k.a. cat's eyes) on our roadways that, at the moment, are used simply as dumb reflectors. Our main vision is that by endowing cat's eyes with a modest power source, detection and communication capabilities they will play an important role in collecting, aggregating and disseminating traffic flow conditions to the driving public. We envision the cat's eyes system to be supplemented by road-side units (RSU) deployed at regular intervals (e.g. every kilometer or so). The RSUs placed on opposite sides of the roadway constitute a logical unit and are connected by optical fiber under the median. Unlike inductive loop detectors, adjacent RSUs along the roadway are not connected with each other, thus avoiding the huge cost of optical fiber. Each RSU contains a GPS device (for time synchronization), an active Radio Frequency Identification (RFID) tag for communication with passing cars, a radio transceiver for RSU to RSU communication and a laptop-class computing device. The physical components of FRIEND collect traffic flow-related data from passing vehicles.
The collected data is used by FRIEND's inference engine to build beliefs about the state of the traffic, to detect traffic trends, and to disseminate relevant traffic flow-related information along the roadway. The second contribution of this thesis is the development of an incident classification and detection algorithm that can be used to classify different types of traffic incident. Then, it can notify the necessary target of the incident. We also compare our incident detection technique with other VANET techniques. Our third contribution is a novel strategy for information dissemination on highways. First, we aim to prevent secondary accidents. Second, we notify drivers far away from the accident of an expected delay that gives them the option to continue or exit before reaching the incident location. A new mechanism tracks the source of the incident while notifying drivers away from the accident. The more time the incident stays, the further the information needs to be propagated. Furthermore, the denser the traffic, the faster it will back up. In high density highways, an incident may form a backup of vehicles faster than low density highways. In order to satisfy this point, we need to propagate information as a function of density and time

    A flexible information service for management of virtualized software-defined infrastructures

    There is a major shift in the Internet towards using programmable and virtualized network devices, offering significant flexibility and adaptability. New networking paradigms such as software-defined networking and network function virtualization bring networks and IT domains closer together using appropriate architectural abstractions. In this context, new and novel information management features need to be introduced. The deployed management and control entities in these environments should have a clear, and often global, view of the network environment and should exchange information in alternative ways (e.g. some may have real-time constraints, while others may be throughput sensitive). Our work addresses these two network management features. In this paper, we define the research challenges in information management for virtualized highly dynamic environments. Along these lines, we introduce and present the design details of the virtual infrastructure information service, a new management information handling framework that (i) provides logically centralized information flow establishment, optimization, coordination, synchronization and management with respect to the diverse management and control entity demands; (ii) is designed according to the characteristics and requirements of software-defined networking and network function virtualization; and (iii) inter-operates with our own virtualized infrastructure framework. Evaluation results demonstrating the flexible and adaptable behaviour of the virtual infrastructure information service and its main operations are included in the paper. Copyright © 2016 John Wiley & Sons, Ltd