Decentralised Marketplace for Cyber Threat Information

Written by PHOENIX project on 06. 12. 2021.

As stated in a 2019 cyber-crime study conducted by Accenture [1], there is a growing trend in the financial loss that different cyberattacks would incur on organizations. This study also predicted that in the next five years cyber threats would jeopardize the assets of companies exposed to this class of attacks with the estimated value of 5.2 trillion dollars. Thereby, the numbers mentioned above highlight the definite need for robust and reliable procedures aimed at securing organizations and critical infrastructure against complex cyberattacks.

The standard information security mechanisms and technologies such as firewalls have been widely deployed in critical infrastructures as mitigation for malicious activities, they are nevertheless inadequate to counter correlated and sophisticated cyberattacks [2].

A vast majority of organizations collectively agreed that sharing Cyber Threat Information (CTI) is one of the most effective solutions to combat modern adversaries [3]. This statement had been backed by the SANS study [4], in which about 81% of security experts mentioned that they leverage shared CTI to achieve better cyber-security resilience. Furthermore, in the same study SANS demonstrated that the volume of produced and consumed threat information has been continuously increasing over the last few years. This trend implies a massive growth in the number of organizations that are actively contributing to sharing information.

Establishing a successful CTI sharing system relies on several factors. For this reason, the National Institute of Standard and Technology (NIST) defined a set of guidelines for effective CTI sharing. Additionally, it attributed the reluctance of organizations to share threat information to the following factors: trust issues, privacy concerns particularly regarding classified and personal data, lack of automated and interoperable sharing mechanisms, the asymmetry between CTI publisher and consumer, reliability of a shared information, regulation, and traceability issues [5].

To support the described requirements, several voluntary and community-driven CTI sharing platforms such as historic incidents and Open-Source Intelligence (OSINT) have been established. Additionally, legislation institutes such as NIST defined a set of guidelines and directives concerning sharing threat information. Consequently, organizations particularly the operators of essential services are obliged to comply with these directives or otherwise they would face punishments. These strict regulations are commonly put into practice after the failure of voluntary approaches aimed at sharing threat information among different organizations in a timely and actionable manner.

To address the inherited deficiencies in the above approaches, the CTI marketplace was proposed as a win-win approach with novel incentive models [6]. In the PHOENIX project, a blockchain-based CTI marketplace is developed that leverages blockchain technologies to establish trusted relationships between CTI producers and consumers while incentivizing the producers to share their information. More precisely, this solution enables trusted and transparent relationships between different participants through the immutable logs and consensus engine provided by the blockchains. This novel CTI exchange model also incentivizes CTI producers through rewards which may come in different forms such as money and reputation scores. Furthermore, it leverages smart contracts to automate the whole process of data exchange. The marketplace shares CTI only with authorized partners. Besides, it ensures that the integrity of CTI is preserved while exchanging between diverse participants. To comply with the GDPR, particularly personal right to be forgotten, as well as to minimize the performance loss, the full CTI record would be stored in the conventional database while the hash of the threat information would be recorded in the blockchain and later would be used for the integrity check.

References

[1] Bissell, K.; Lasalle, R.M.; Dal Cin, P. The cost of cybercrime—Ninth annual cost of cybercrime study.Ponemon Institute andAccenture Security. https://www. accenture. com/_acnmedia/PDF-96/Accenture-2019-Cost-of-Cybercrime-Study-Final. pdf# zoom2019,50

[2] Leszczyna, R.; Łosi ́nski, M.; Małkowski, R. Security information sharing for the polish power system. 2015 Modern ElectricPower Systems (MEPS). IEEE, 2015, pp. 1–6.

[3] Luiijf, H.; Kernkamp, A. Sharing cyber security information: Good practice stemming from the dutch public-private-participationapproach2015

[4] Brown, S.; Gommers, J.; Serrano, O. From cyber security information sharing to threat management. Proceedings of the 2ndACM workshop on information sharing and collaborative security, 2015, pp. 43–49.

[5] Johnson, C.; Badger, L.; Waltermire, D.; Snyder, J.; Skorupka, C.; others. Guide to cyber threat information sharing.NIST specialpublication2016,800

[6] Riesco, R.; Larriva-Novo, X.; Villagrá, V.A. Cybersecurity threat intelligence knowledge exchange based on blockchain.Telecom-munication Systems2020,73, 259–288

Cookie	Type	Duration	Description
__cfduid	1	1 month	The cookie is set by CloudFare. It is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
_wpfuuid	0	10 years	Contact form UUID (Universally Unique Identifier) cookie. It allows the plugin to connect entries by the same user and does not contain or represent any personal information or entry details.
cookielawinfo-checkbox-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
test_cookie	0	11 months
viewed_cookie_policy	0	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. It is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
_gat_gtag_UA_152331303_1	1 minute	Google uses this cookie to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. It is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.

Decentralised Marketplace for Cyber Threat Information

Energy Shield

BRIDGE

Success

Defender

NRG-5

sofie-logo

Elsa

interflex

Intergrid

NobelGrid

PROMOTioN-Logo-RZ-RGB

logo_reserve_sRGB

wisegrid-logo