In recent years, Industrial Control Systems (ICS) have increasingly been targeted by sophisticated cyberattacks. Improving ICS security has drawn significant attention in the literature, which emphasises the importance of Cyber Threat Intelligence (CTI) sharing in accelerating the detection, mitigation, and prevention of cyberattacks. However, organisations are reluctant to exchange CTI due to fear of exposure, reputational damage, and lack of incentives. Furthermore, there has been limited discussion of the factors influencing participation in sharing CTI about ICS. Existing CTI-sharing platforms rely on centralised trusted architectures that suffer from a single point of failure and put companies' privacy at risk, because the central node maintains the CTI details. In this paper, we address the needs of organisations involved in the management and protection of ICS and present a novel framework that facilitates secure, private, and incentivised exchange of CTI related to ICS using blockchain. We propose a new blockchain-enabled framework that facilitates the secure dissemination of CTI data among multiple stakeholders in ICS. We provide the framework design and technical development, and evaluate the framework's feasibility in a real-world application environment using practical use-case scenarios. Our proposed design shows a more practical and efficient framework for a CTI-sharing network for ICS, one that acknowledges the data privacy, trust barriers, and security issues ingrained in this domain.