One of the larger projects for which the COMAND Technology Gateway had direct input in proposing solutions during 2018 concerned cyber-security. The aim of the project was to give security teams a greater cyber defence capability through improved cyber situational awareness (CSA). This would simultaneously raise their awareness of the risk that cyber-attacks pose to their business and enhance their capacity to respond to threats. The project approaches this task from a number of different angles.
We plan to develop a ‘Knowledge Exchange’ to facilitate the sharing of threat intelligence (TI) and will apply this to the client domain to significantly increase the degree of TI sharing. We are developing novel approaches to assessing the quality and trustworthiness of shared data in order to improve acceptance and usage of TI. Sharing knowledge about security threats among peers greatly increases a security team’s chances of preventing cyber-attacks.
We will also develop tools that allow both internal and external parties to model their mission and constituency (i.e. assets) and to link these together to indicate the criticality of each asset to the organisation. The rankings and statistics produced will allow the security team to ascertain whether their most critical data and assets are under threat.
In order to communicate this information to security team members at various levels of detail, we apply several novel techniques to the development of security alert prioritisation. The prioritisation framework algorithms will use several different alert attributes, including context awareness, to determine the ranking of the alerts.
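The mission-to-asset criticality ranking and the attribute-based alert prioritisation described above, as a worked illustration added here. This is not the project's framework or algorithm: the missions, asset links, context weights, scoring formula and alerts are all constructed sample data and assumed design choices, chosen only to show how asset criticality and context can reorder alerts that raw sensor severity would rank differently.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# --- Mission / constituency model (constructed sample data) ---
# Each mission carries a business importance in [0, 1]; each asset is linked to
# the missions it supports with a dependency strength in [0, 1].
MISSIONS: Dict[str, float] = {"billing": 1.0, "marketing-site": 0.4}
ASSET_MISSION_LINKS: List[Tuple[str, str, float]] = [
    ("db01", "billing", 1.0),            # billing cannot run without the database
    ("web01", "billing", 0.5),           # web tier partially supports billing
    ("web01", "marketing-site", 1.0),
    ("dev-laptop-7", "marketing-site", 0.2),
]
DEFAULT_CRITICALITY = 0.1  # assumed floor for assets absent from the model

# Assumed context weights: each matching attribute raises the multiplier.
# "ti_match" stands for an indicator seen in shared threat intelligence.
CONTEXT_WEIGHTS: Dict[str, float] = {"ti_match": 0.5, "internet_exposed": 0.3}


@dataclass
class Alert:
    alert_id: str
    asset: str
    severity: int                 # 1 (info) .. 5 (critical), as emitted by the sensor
    confidence: float             # detector confidence in [0, 1]
    context: Dict[str, bool] = field(default_factory=dict)


def asset_criticality(asset_links, missions) -> Dict[str, float]:
    """Derive a per-asset criticality from the mission model.

    An asset inherits importance from every mission it supports, weighted by how
    strongly that mission depends on it; the total is capped at 1.0.
    """
    crit: Dict[str, float] = {}
    for asset, mission, dependency in asset_links:
        crit[asset] = crit.get(asset, 0.0) + missions[mission] * dependency
    return {asset: min(1.0, value) for asset, value in crit.items()}


def context_multiplier(context: Dict[str, bool], weights=CONTEXT_WEIGHTS) -> float:
    """1.0 plus the weight of every context attribute that is set on the alert."""
    return 1.0 + sum(w for key, w in weights.items() if context.get(key))


def score_alert(alert: Alert, criticality: Dict[str, float],
                floor: float = DEFAULT_CRITICALITY) -> float:
    """Combine sensor severity, detector confidence, asset criticality and
    context into a single priority score (higher means more urgent)."""
    crit = criticality.get(alert.asset, floor)
    raw = (alert.severity / 5) * alert.confidence * crit * context_multiplier(alert.context)
    return round(raw, 4)


def rank_alerts(alerts: List[Alert], criticality: Dict[str, float]) -> List[Tuple[str, float]]:
    """Return (alert_id, score) pairs ordered from most to least urgent."""
    scored = [(a.alert_id, score_alert(a, criticality)) for a in alerts]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Constructed alert queue: note the severity-5 alert sits on a low-value laptop.
SAMPLE_ALERTS: List[Alert] = [
    Alert("a1", "dev-laptop-7", severity=5, confidence=0.9),
    Alert("a2", "db01", severity=3, confidence=0.8, context={"ti_match": True}),
    Alert("a3", "web01", severity=4, confidence=0.6, context={"internet_exposed": True}),
    Alert("a4", "printer-2", severity=2, confidence=0.5),   # not in the asset model
]

if __name__ == "__main__":
    crit = asset_criticality(ASSET_MISSION_LINKS, MISSIONS)
    for alert_id, score in rank_alerts(SAMPLE_ALERTS, crit):
        print(f"{alert_id}: {score}")
```

With this data the medium-severity alert on the billing database (a2) and the exposed web tier (a3) outrank the severity-5 alert on a developer laptop (a1), which is the effect the mission model is meant to produce; an asset missing from the model falls back to a low assumed floor rather than being dropped.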
The final product will be an easily deployable and secure threat monitoring and modelling system that is easy for clients to understand. Clients will also have the option to share their gathered security alert data with other peers and to benefit from the data collected by those peers. This sharing will improve the effectiveness of the system over time.