Cyberattack Ontology: A Knowledge Representation for Cyber Supply Chain Security

Yeboah-Ofori, Abel; Ismail, Umar Mukhtar; Swidurski, Tymoteusz; Opoku-Boateng, Francisca Afua

doi:10.1109/iccma53594.2021.00019

Cited by 7 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [35], cyberattack ontology concepts are explored to provide semantic mapping and relationships for determining attack patterns and risks. To address growing cyber supply chain threats, the lack of threat intelligence, and issues of trust, it is essential for organizations to understand and map the security relationships in a supply chain.…”

Section: Supply Chain Attacksmentioning

confidence: 99%

Expert-Guided Security Risk Assessment of Evolving Power Grids

et al. 2022

View full text Add to dashboard Cite

Electric power grids, which form an essential part of the critical infrastructure, are evolving into highly distributed, dynamic networks in order to address the climate change. This fundamental transition relies on extensive automation solutions based on communications and information technologies. Thus, it also gives rise to new attack points for malicious actors and consequently, increases the vulnerability of the electric energy system. This study presents a qualitative assessment of power grid cybersecurity through expert interviews across countries in Europe and the U.S. to gain understanding of the latest developments and trends in the cybersecurity of future electric energy systems. The horizon of the assessment is 10 years spanning until the early 2030s. Thereafter, the study identifies how and to which extent the risks identified to be most significant are understood and addressed in the latest research and industry publications aiming at identifying areas deserving specific further attention. The most significant threats based on the assessment are False Data Injection (FDI), Denial of Service (DoS) supply chain, and ransomware and malware attacks.

show abstract

Section: Supply Chain Attacksmentioning

confidence: 99%

Expert-Guided Security Risk Assessment of Evolving Power Grids

et al. 2022

View full text Add to dashboard Cite

show abstract

“…Watering hole techniques are described in [42,43]. Even less common delivery techniques, such as baiting [44,45] or supply chain compromise [46][47][48] have been deeply analysed. Please note that although not widely used until now, supply chain compromise is an increasing trend for threat actors, as we will detail later in this paper.…”

Section: Techniques and Limitationsmentioning

confidence: 99%

A Taxonomy for Threat Actors’ Delivery Techniques

2022

View full text Add to dashboard Cite

The main contribution of this paper is to provide an accurate taxonomy for delivery techniques, which allows the detection of novel techniques and the identification of appropriate countermeasures. Delivery is a key stage for offensive cyber operations. During delivery, a threat actor tries to gain an initial foothold into the targeted infrastructure. It is the first step of an offensive cyber operation, where the threat actor interacts with its victim in a hostile way; thus, its success is mandatory for the global achievement of the operation. However, delivery techniques are not well structured among the literature, being in many cases a simple list of techniques with which, if one of them is slightly modified by the threat actor, its detection becomes very difficult. This situation hinders the modeling of hostile actors, a fact that makes it difficult to identify countermeasures to detect and neutralize their malicious activities. In this work, we analyze the current delivery techniques’ classification approaches and the problems linked to them. From this analysis, we propose a novel taxonomy that allows the accurate classification of techniques, overcoming the identified problems and allowing both the discovery of new techniques and the detection of gaps in deployed countermeasures. Our proposal significantly reduces the amount of effort needed to identify, analyze, and neutralize hostile activities from advanced threat actors, in particular their initial access stage. It follows a logical structure that can be easy to expand and adapt, and it can be directly used in the industry’s commonly accepted standards, such as MITRE ATT&CK.

show abstract

“…Cyber threat intelligence (CTI) has shown the potential to improve cybersecurity and the handling of cyberattacks, by facilitating informed decision-making and creating an adaptable environment for the vastly evolving threat landscape (Yeboah-Ofori et al, 2021). While CTI is currently predominantly used in reactive contexts, this research is oriented towards enhancing the proactive use of CTI for SCSC resilience (Samtani et al, 2017).…”

Section: Introductionmentioning

confidence: 99%

Leveraging Gamification for Cyber Threat Intelligence for Resilience in Satellite Cyber Supply Chains

Kriesten,

Thinyane,

Ormrod

2024

eccws

View full text Add to dashboard Cite

Cyber Threat Intelligence (CTI) is collected threat information put in context to enhance decision-making before, during and after an attack. The application of CTI is widely limited to the reactive field of cybersecurity. The evolving cyber threat landscape requires a shift to an anticipatory and adaptable approach that addresses the complex and changing cybersecurity environment. CTI has the potential to support this shift to proactive threat handling towards a more resilient cybersecurity posture. This research is part of a project that aims to enhance the use of CTI for satellite cyber supply chain resilience through gamification. Cybersecurity games are established tools to raise security awareness and train security staff in red and blue team exercises. However, there is a lack of research on how gamification and serious games can be used to improve the application of CTI and enable training for security staff, even though existing literature points out the beneficial effects of gamification. Building on the gamification approach in cybersecurity, the research focuses on creating a gamified experience that simulates a cyber-attack derived from real-world examples and the utilisation of CTI to handle the simulated cyber-attack. The scenario addresses the need for informed decision-making throughout a cyber-attack by focusing on the utilisation of CTI in the context of satellite cyber supply chain security as the domain of application. This paper takes stock of the recent developments in CTI towards improving cyber resilience and presents gamification for cybersecurity and CTI to highlight the benefits of the approach. Further, it discusses the potential of gamification as an effective tool for CTI and describes the approach that is used to build a gamification solution inspired by real-world events. This paper contributes to the nascent research on gamification of CTI to strengthen cyber resilience in the context of increasingly frequent and sophisticated cyber threats, especially against space systems.

show abstract

Cyberattack Ontology: A Knowledge Representation for Cyber Supply Chain Security

Cited by 7 publications

References 8 publications

Expert-Guided Security Risk Assessment of Evolving Power Grids

Expert-Guided Security Risk Assessment of Evolving Power Grids

A Taxonomy for Threat Actors’ Delivery Techniques

Leveraging Gamification for Cyber Threat Intelligence for Resilience in Satellite Cyber Supply Chains

Contact Info

Product

Resources

About