The advantages of the secure cyber threat sharing platform in the PHOENIX platform
The secure and persistent communication (SPC) layer in the PHOENIX framework addresses the key challenges of the threat sharing process as follows: establishing trusted relationships between participants through robust authentication and authorization methods, guaranteeing the reliability of data via integrity checks, fostering interoperability via unified semantics and message formats, preserving data privacy by persisting only data hashes on the blockchain, and automating all processes pertaining to data exchange.
Thereby, the SPC layer does not suffer from flaws such as the lack of data privacy and reliability found in state-of-the-art blockchain-based solutions. Furthermore, the finalized version of the SPC layer, completed during spring 2022, is relatively straightforward to deploy because it has been fully Dockerized and can simply be run as several Docker services.
In the PHOENIX platform, the publication of threat information by an expert triggers an automated procedure wherein a message is relayed to the SPC layer and its hash is written to the blockchain. Next, the SPC layer distributes the data to the subscribed parties and, eventually, the integrity of the message is verified by potential consumers. All of the above transactions are carried out without any human intervention. Thereby, human errors, whether deliberate or accidental, would be eliminated, leading to a higher degree of reliability and security in the threat sharing process.
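The publish, hash-commit, distribute and verify steps described above, as an added example that is not PHOENIX code: the ledger is a constructed in-memory stand-in for the blockchain, the message schema and the `publish`/`verify` helper names are assumptions, and the sample indicator is constructed. It shows that only the hash is persisted (privacy) and that a consumer detects a message altered in transit.

```python
from __future__ import annotations
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class Ledger:
    """Constructed stand-in for the blockchain: an append-only list of hash records.
    The real SPC ledger type is not described on the page; this is an assumption."""
    records: list = field(default_factory=list)

    def commit(self, publisher: str, digest_hex: str) -> int:
        # Only the publisher id and the SHA-256 digest are persisted, never the CTI itself.
        self.records.append({"publisher": publisher, "digest": digest_hex})
        return len(self.records) - 1  # reference consumers use to look the record up

    def lookup(self, ref: int) -> dict:
        return self.records[ref]


def canonical(message: dict) -> bytes:
    # Deterministic serialization so publisher and every consumer hash identical bytes.
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def digest(message: dict) -> str:
    return hashlib.sha256(canonical(message)).hexdigest()


def publish(ledger: Ledger, publisher: str, message: dict) -> tuple[int, dict]:
    """Expert publishes: the hash goes to the ledger, the full message is relayed to subscribers."""
    ref = ledger.commit(publisher, digest(message))
    return ref, message


def verify(ledger: Ledger, ref: int, received: dict, expected_publisher: str) -> bool:
    """Consumer re-hashes what it received and compares against the persisted record."""
    rec = ledger.lookup(ref)
    return rec["publisher"] == expected_publisher and rec["digest"] == digest(received)


# Constructed sample CTI message (documentation address range, not a real indicator).
SAMPLE_CTI = {"type": "indicator", "pattern": "[ipv4-addr:value = '192.0.2.10']", "sector": "EPES"}


def demo() -> tuple[bool, bool]:
    """Returns (genuine message verifies, tampered copy verifies)."""
    ledger = Ledger()
    ref, delivered = publish(ledger, "expert-A", SAMPLE_CTI)
    tampered = dict(delivered, pattern="[ipv4-addr:value = '192.0.2.11']")
    return verify(ledger, ref, delivered, "expert-A"), verify(ledger, ref, tampered, "expert-A")
```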
Widespread deployment of the secure threat information sharing component of the SPC layer across national and international Electrical Power and Energy System (EPES) infrastructures would have twofold advantages. Firstly, the time between a security breach and the sharing of information about the incident would be reduced substantially, because security experts would leverage the sharing platform to deliver threat information to the concerned organizations promptly. Thereby, this approach minimizes the destructive impact of cyber-attacks, which would typically lead to compromising the next victims within a short period of time (e.g., an hour). Secondly, the authenticity of Cyber Threat Information (CTI) in transit can simply be examined at any phase of the sharing process, so the expert offering the information can be certain that the intended data is securely delivered to the parties with similar interests.