92,417 research outputs found

    VEHICLE-TO-EVERYTHING THREAT PROTECTION USING SECURITY INTELLIGENCE ENGINE AND MULTI-ACCESS EDGE COMPUTING

    Techniques are described herein for a threat protection mechanism for Vehicle-to-Everything (V2X) communication channels. This includes shared intelligence at the Multi-access Edge Computing (MEC) function, Security Intelligence Engine (SIE), Original Equipment Manufacturer (OEM) vendors, application providers, and external device vendors. It is capable of securing Vehicle User Entities (V-UEs) simultaneously in real time

    WLCG Security Operations Centres Working Group

    Security monitoring is an area of considerable interest for sites in the Worldwide LHC Computing Grid (WLCG), particularly as we move as a community towards the use of a growing range of computing models and facilities. There is an increasingly large set of tools available for these purposes, many of which work in concert and use concepts drawn from the use of analytics for Big Data. The integration of these tools into what is commonly called a Security Operations Centre (SOC), however, can be a complex task - the open source project Apache Metron (which at the time of writing is in incubator stage and is an evolution of the earlier OpenSOC project) is a popular example of one such integration. At the same time, the necessary scope and rollout of such tools can vary widely for sites of different sizes and topologies. Nevertheless, the use of such platforms could be critical for security in modern Grid and Cloud sites across all scientific disciplines. In parallel, the use and need for threat intelligence sharing is at a key stage and is an important component of a SOC. Grid and Cloud security is a global endeavour - modern threats can affect the entire community, and trust between sites is of utmost importance. Threat intelligence sharing platforms are a vital component to building this trust as well as propagating useful threat data. The MISP software (Malware Information Sharing Platform) is a very popular and flexible tool for this purpose, in use at a wide range of organizations in different domains across the world. In this context we present the work of the WLCG Security Operations Centres Working Group, which was created to coordinate activities in these areas across the WLCG. The mandate of this group includes the development of a scalable SOC reference design applicable for a range of sites by examining current and prospective SOC projects & tools. In particular we report on the first work on the deployment of MISP and the Bro Intrusion Detection System at a number of WLCG sites as SOC components, including areas of integration between these tools. We also report on our future roadmap and framework, which includes the Apache Metron project

    Securing the Skies: Cybersecurity Strategies for Smart City Cloud using Various Algorithams

    As smart cities continue to evolve, their reliance on cloud computing technologies becomes increasingly apparent, enabling the seamless integration of data-driven services and urban functionalities. However, this transformation also raises concerns about the security of the vast and interconnected cloud infrastructures that underpin these cities' operations. This paper explores the critical intersection of cloud computing and cybersecurity within the context of smart cities. This research is dealing with challenges posed by the rapid expansion of smart city initiatives and their reliance on cloud-based solutions. It investigates the vulnerabilities that emerge from this technological convergence, emphasizing the potential risks to data privacy, urban services, and citizen well-being. The abstract presents a comprehensive overview of the evolving threat landscape that smart cities face in the realm of cloud computing. To address these challenges, the abstract highlights the importance of proactive cybersecurity strategies tailored specifically to the unique needs of smart cities. It underscores the significance of adopting a multi-layered approach that encompasses robust encryption protocols, intrusion detection systems, threat intelligence sharing, and collaborative efforts among stakeholders. Drawing insights from existing research and real-world case studies, the abstract showcases innovative solutions that leverage advanced technologies like artificial intelligence and blockchain to fortify the security posture of smart city cloud infrastructures. It explores the role of data governance, user authentication, and anomaly detection in creating a resilient cybersecurity framework that safeguards critical urban systems

    Autonomic computing architecture for SCADA cyber security

    Cognitive computing relates to intelligent computing platforms that are based on the disciplines of artificial intelligence, machine learning, and other innovative technologies. These technologies can be used to design systems that mimic the human brain to learn about their environment and can autonomously predict an impending anomalous situation. IBM first used the term ‘Autonomic Computing’ in 2001 to combat the looming complexity crisis (Ganek and Corbi, 2003). The concept has been inspired by the human biological autonomic system. An autonomic system is self-healing, self-regulating, self-optimising and self-protecting (Ganek and Corbi, 2003). Therefore, the system should be able to protect itself against both malicious attacks and unintended mistakes by the operator

    Adaptive Traffic Fingerprinting for Darknet Threat Intelligence

    Darknet technology such as Tor has been used by various threat actors for organising illegal activities and data exfiltration. As such, there is a case for organisations to block such traffic, or to try and identify when it is used and for what purposes. However, anonymity in cyberspace has always been a domain of conflicting interests. While it gives enough power to nefarious actors to masquerade their illegal activities, it is also the cornerstone to facilitate freedom of speech and privacy. We present a proof of concept for a novel algorithm that could form the fundamental pillar of a darknet-capable Cyber Threat Intelligence platform. The solution can reduce anonymity of users of Tor, and considers the existing visibility of network traffic before optionally initiating targeted or widespread BGP interception. In combination with server HTTP response manipulation, the algorithm attempts to reduce the candidate data set to eliminate client-side traffic that is most unlikely to be responsible for server-side connections of interest. Our test results show that MITM manipulated server responses lead to expected changes received by the Tor client. Using simulation data generated by shadow, we show that the detection scheme is effective with false positive rate of 0.001, while sensitivity detecting non-targets was 0.016 ± 0.127. Our algorithm could assist collaborating organisations willing to share their threat intelligence or cooperate during investigations. Comment: 26 page

    Mining Threat Intelligence about Open-Source Projects and Libraries from Code Repository Issues and Bug Reports

    Open-Source Projects and Libraries are being used in software development while also bearing multiple security vulnerabilities. This use of third party ecosystem creates a new kind of attack surface for a product in development. An intelligent attacker can attack a product by exploiting one of the vulnerabilities present in linked projects and libraries. In this paper, we mine threat intelligence about open source projects and libraries from bugs and issues reported on public code repositories. We also track library and project dependencies for installed software on a client machine. We represent and store this threat intelligence, along with the software dependencies in a security knowledge graph. Security analysts and developers can then query and receive alerts from the knowledge graph if any threat intelligence is found about linked libraries and projects, utilized in their products

    Autonomic computing meets SCADA security

    © 2017 IEEE. National assets such as transportation networks, large manufacturing, business and health facilities, power generation, and distribution networks are critical infrastructures. The cyber threats to these infrastructures have increasingly become more sophisticated, extensive and numerous. Cyber security conventional measures have proved useful in the past but increasing sophistication of attacks dictates the need for newer measures. The autonomic computing paradigm mimics the autonomic nervous system and is promising to meet the latest challenges in the cyber threat landscape. This paper provides a brief review of autonomic computing applications for SCADA systems and proposes architecture for cyber security