Blockchain-based Cybersecurity Informa8on...

Blockchain-based Cybersecurity Informa8on Sharing for Improved Resiliency

Dr.DeepakK.ToshAssistantProfessor

DepartmentofComputerScienceUniversityofTexasatElPaso

Email:dktosh@utep.edu

Outline

• MoBvaBon• Cyber-ThreatInformaBon(CTI)sharing• CurrentEfforts• Modelinga“Specific”Problem:SharingParBcipaBon• BlockchainforInformaBonSharing• ResearchChallenges• ConcludingRemarks

Growth of Cyber Threats

• AdvancedcyberaOacksarewellorganizedandhardtodetect

•  ExploitsareeasilyacquiredandcanbereusedonmulBpletargets• ReacBvestrategiesareinsufficienttodealwiththethreats

Need of Threat Intelligence

• CyberaOacksmaynotbepreventedbuttheirimpactscanbereducedby•  Improvingcyber-awarenessandunderstandingthreatlandscape•  CollaboraBveeffortfromenterprisesaswellasgovernment•  Imposingsecuritypolicies/laws(e.g.GDPR)

• Cyber-ThreatIntelligence(CTI)canderive•  AcBonableinformaBonfromvariouslowlevelthreatindicators(likeIP,email,maliciousURLs,domainnames,aOackpaOern,geo-locaBoninfo,malwarehash)•  Findingtargetedresources,threatactors,methods/toolsused,aOackcharacterisBcs,IoC,etc.

Handling Cybersecurity Threats

•  Securityinvestmenthelpsin•  Discoveringsystemloopholes,bugs,vulnerabiliBes•  IdenBfymaliciousacBviBes•  DevelopinganB-threatstrategies

Improvesdefenders’abilitytopredicta2ackerbehaviorandcreatemoredynamicdefenses• Demerits:•  Costly•  Timeconsuming

Cybersecurity Informa8on Sharing

• AnecosystemwhereacBonablecyber-threatintelligenceissharedautomaBcallyacrossverBcalsandpublic/privatesectorsinnearreal-Bmetocombatcyberthreatlandscape• Benefits•  AccesstoIndicators,TacBcs,techniques,andprocedures(TTPs),Securityalerts,Threatintelligencereports,ToolconfiguraBons•  EnhanceoperaBonalunderstandingofcyberthreats•  ProacBveDefense•  ReduceCyberRisk•  PrioriBzedMiBgaBonPlan•  CosteffecBvedefensestrategy

Limita8ons of Informa8on Sharing

•  SomethingstopsorganizaBonsfromsharing!!!•  JeopardizethesecuritypostureofthesharingorganizaBon•  Externalimpactssuchasmarketvalue,reputaBon,etc.•  InformaBonfree-riding•  SpuriousinformaBonandprocessingoverheads

How did we get here?

Following9-11FederalInformaBonSharinggrows-failuretoconnectthedots

In2007,PresidentBushcreatesComprehensiveNaEonalCyberIniEaEve(CNCI)-ConnecttheFedCyberCentersinordertoaddresscyberthreatlandscape

In2013,EnhanceSharedSituaEonAwarenessProject(ESSA)createdtoautomatecyberthreatinformaBonsharingbetweenFedCyberCenters.-StandardsharinglanguagesSTIX/TAXII,sharedcapabilityproviders,andcommonsharingagreement(MISA).

In2015,CybersecurityInformaEonSharingAct(CISA)passed.-EstablishestheDHSAutomatedIndicatorSharing(AIS)ProgramforsharingcyberthreatindicatorsanddefensivemeasuresbetweentheFederalGovernmentandNon-FederalEnBBes.

In2016thelegacyofESSAisleveragedbyDHSforconBnuaBonofFederalCyberThreatInformaBonSharingandcoordinaBonthroughtheFederalCybersecurityInteragencyGroup(FCIG).

Cybersecurity Informa8on Sharing Today

• CybersecurityInformaBonsharinghasbeengoingonthroughISACs,ISAOs,eco-systems,opensource,andcommercialofferings•  LimitaBons•  Generallyunstructureddata•  Ad-hocmanualcommunicaBonssuchasemail/IM/IRC/paper•  Fewautomatedtools•  LackofincenBvemodelforvoluntaryparBcipaBon

Outline

ü MoBvaBonü Cyber-ThreatInformaBon(CTI)sharingü CurrentEfforts• Modelinga“Specific”Problem:SharingParEcipaEon• BlockchainforInformaBonSharing• ResearchChallenges• ConcludingRemarks

CYBEX Self-Coexistence Game

• N-firmsplayindependentlytofigureoutwhethertoparBcipateintheCTIsharingornot

Conflict:•  Firms’parBcipaBondependonparBcipaBoncostchargedbyCYBEX•  IfCYBEXchargestoohigh,lowparBcipaBonmightberesulted•  IfCYBEXchargestoolow,CYBEXmightnotbeprofitable

•  Firm’snetpayoffdependstwomajorfactors:•  SharingandInvestmentGain•  ParBcipaBoncostandcostofinformaBonshared

•  Thestrategicformcanbe

•  IfSislow,thenpurestrategyNashequilibriumforthesinglestagegameis:(NotPar)cipate,NotPar)cipate)•  CYBEXcannotsurviveinthiscase

• MulE-stageevoluEonaryanalysisisimportant

Evolu8onary Game Analysis

Goal:FindevoluBonarystablestrategy(ESS)thatcannotbeinvadedbyanyotherstrategyReplicatorDynamics:Assume,𝛼=ProporBonofpopulaBonwhoparBcipateandshareinCYBEX,thetransformaBonrate(𝑔(𝛼))is•  ProporBonaltodifferenceofexpectedindividualuBlityforthatstrategy(𝐸↓𝑠ℎ (𝑢))andexpecteduBlityofthepopulaBono 𝑔(𝛼)=𝛼[ 𝐸↓𝑠ℎ (𝑢)−𝐸(𝑢)]

Where,𝐸(𝑢)isaverageuBlityofthewholepopulaBon

Solving the Game

§  Solvingfor𝑔(𝛼)=0,wefind

§  Tohavestableneighborhood,𝑔↑′ (𝛼)<0§ WisechoiceofincenBveorparBcipaBoncost(c)isneededtomoBvatethesociallyopBmalbehavior

Interes8ng Evolu8onary Strategy

•  ExactESSisdecideddependingoniniBalsharingstrategypopulaBon(𝛼)•  𝛼↓𝑠𝑜𝑙↓1  (NoSharing)isESS,if0<𝛼< 𝑐+𝑥/(𝑆−1)𝑎𝑙𝑜𝑔(1+𝐼) •  𝛼↓𝑠𝑜𝑙↓2  (Share&ParBcipate)isESS,if𝑐+𝑥/(𝑆−1)𝑎𝑙𝑜𝑔(1+𝐼) <𝛼<1

Incen8viza8on through Par8cipa8on Cost

• DynamicincenBve/parBcipaBoncostexploitstheESScondiBons•  RevenueofCYBEXgrowsperiodically

•  StaBccostdemoBvatesfirmsfromparBcipaBon

Other Challenges

• Cyber-investment•  OpBmalsecurityinvestmentwhilesharingisconsidered

•  InformaBonOwnership

•  IntegrityandAuditabilityofsharedinformaBon

Outline

ü MoBvaBonü Cyber-ThreatInformaBon(CTI)sharingü CurrentEffortsü Modelinga“Specific”Problem:SharingParBcipaBon• BlockchainforInformaEonSharing• ResearchChallenges• ConcludingRemarks

Blockchain for Informa8on Sharing

Blockchain(IntegralpartofBitcoin):• AnopendistributedledgertorecordtransacBonsimmutably• Cost-lessverificaEonoftransacBons•  Fault-tolerant

Source:hOps://en.wikipedia.org/wiki/Blockchain

Blockchain-empowered Cybersecurity Informa8on Sharing Goals

What?Real-BmedisseminaBonofrelevantandacBonablecyberthreatindicatorsanddefensivemeasuresWho?Government,militaryandcommercialsectorsWhy?ProacBvedefenseandreducecyberriskWhile?Ensuringintegrity,trust,andprivacy

Blockchain-integrated Informa8on Sharing

Provenance:•  AudiBngprocesswhichmaintainsarecordofalloperaBonsconductedonsharedthreatinformaBon•  MaintainInformaBonIntegrity

Research Challenges

Ø EnsuringinformaBonprivacy

Ø PruningredundantinformaBon

Ø DerivingacBonablethreatintelligence

Ø Qualityvs.quanBty

Ø Enablingsector-wiseinformaBonsharing

Concluding Remarks

• Cybersecuritylandscapeishugeandtherearealottoexplore• Cyber-threatinformaBonsharingisoneimportantiniBaBvetowardproacBvedefense• BlockchaintechnologyisanewfronBertodesigntamper-resistantsystems• Aworkingpladormthatintegratesbothisyettocome

Thank You QuesBons??

Blockchain-based Cybersecurity Informa8on...

Documents

NATIONAL CYBERSECURITY STRATEGY III - gouvernement€¦ · NATIONAL CYBERSECURITY STRATEGY III NATIONAL CYBERSECURITY STRATEGY III MAIN STATE BODIES INVOLVED IN NATIONAL CYBERSECURITY

Critical Cybersecurity Questions Cybersecurity... · Critical Cybersecurity Questions 1 • How do you measure successful cybersecurity efforts? • Who is accountable for cybersecurity?

Cybersecurity 5 improving cybersecurity

SACCO CYBERSECURITY REPORT 2018 - Serianu · Serianu Sacco Cybersecurity Report 201 Demystifying Cybersecurity for Saccos Demystifying Cybersecurity for Saccos Highlights The past

CYBERSECURITY - Gogo Business Aviationlearn.business.gogoair.com/rs/097-RTO-429/images/... · CYBERSECURITY 1 Solutions brief. CYBERSECURITY: IT’S IN OUR DNA You should take cybersecurity

Cybersecurity 3 cybersecurity costs and causes

Cybersecurity Dynamics - University of Texas at San Antonioshxu/socs/hotsos-poster-cybersecurity-dynamics.… · Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity

2015 Cybersecurity Awareness › ... › cdse › cybersecurity-awareness.pdf• Cybersecurity Awareness, CI130.16 • Information Assurance/Computer Network Defense Information Sharing,

EY Cybersecurity and the Internet of Things › services › advisory › cybersecurity › ...Cybersecurity and the Internet of Things Cybersecurity and the Internet of Things | 3

Cybersecurity Essentials 1.0 At A Glance ecs · Cybersecurity Essentials At-A-Glance Cybersecurity risks and threats are ever-present. ... Cybersecurity Essentials is delivered through

CyberSecurity in Medical Devices - IMDRF...CyberSecurity in Medical Devices • Risk level of cybersecurity in medical device higher than traditional IT fields. • Cybersecurity problems

CYBERSECURITY RISK DISCLOSURE AND CYBERSECURITY DISCLOSURE ... · CYBERSECURITY RISK DISCLOSURE AND CYBERSECURITY DISCLOSURE GUIDANCE ABSTRACT Cybersecurity risk disclosure has received

Canalys worldwide vendor benchmark: cybersecurity · 2019-12-13 · Canalys worldwide vendor benchmark: cybersecurity Top 11 worldwide cybersecurity vendors Worldwide ranking Cybersecurity

NATIONAL CYBERSECURITY STRATEGY III · National Cybersecurity Strategy III (NCSS III) 10 Definition of Cybersecurity 10 1. Cybersecurity governance 11 1.1. Main state bodies involved

SIFMA Cybersecurity - SMALL FIRMS CYBERSECURITY GUIDANCE ... · CYBERSECURITY SMALL FIRMS CYBERSECURITY GUIDANCE ... the best practices in this guide in a risk-based, ... VULNERABILITY

Assessing Cybersecurity Risk - IIA Assessing... · GTAG / Assessing Cybersecurity Risk Key Risks and Threats Related to Cybersecurity Cybersecurity is relevant to the systems that

Cybersecurity - enquirya.com · to prepare a European Cybersecurity Competence Network & contribute to the European cybersecurity industrial strategy Cybersecurity Partners: 46 EU

EMERGING TECHNOLOGIES IN CYBERSECURITY · EMERGING TECHNOLOGIES IN CYBERSECURITY | Randall Lewis 1 EMERGING TECHNOLOGIES IN CYBERSECURITY ... Cybersecurity and Cybersecurity Technologies

Cybersecurity Domains: What Comprises a …02f9c3b.netsolhost.com/blog1/wp-content/uploads/Cybersecurity...Cybersecurity Domains: What Comprises a Cybersecurity Suite? ... Tools, Hardware

China's New Cybersecurity Law and U.S-China Cybersecurity