Incorporating Cyber Threat Intelligence into Complex Cyber-Physical Systems: A STIX Model for Active Buildings

Ricardo M. Czekster; Roberto Metere; Charles Morisset

doi:10.3390/app12105005

Incorporating Cyber Threat Intelligence into Complex Cyber-Physical Systems: A STIX Model for Active Buildings

Ricardo M. Czekster^*, Roberto Metere^*, Charles Morisset

^*Corresponding author for this work

Research output: Contribution to journal › Article › peer-review

Abstract

Active buildings can be briefly described as smart buildings with distributed and renewable energy resources able to energise other premises in their neighbourhood. As their energy capacity is significant, they can provide ancillary services to the traditional power grid. As such, they can be a worthy target of cyber-attacks potentially more devastating than if targeting traditional smart buildings. Furthermore, to handshake energy transfers, they need additional communications that add up to their attack surface. In such a context, security analysis would benefit from collection of cyber threat intelligence (CTI). To facilitate the analysis, we provide a base active building model in STIX in the tool cyberaCTIve that handles complex models. Active buildings are expected to implement standard network security measures, such as intrusion-detection systems. However, to timely respond to incidents, real-time detection should promptly update CTI, as it would significantly speed up the understanding of the nature of incidents and, as such, allow for a more effective response. To fill this gap, we propose an extension to the tool cyberaCTIve with a web service able to accept (incursion) feeds in real-time and apply the necessary modifications to a STIX model of interest.

Original language	English
Article number	5005
Journal	Applied Sciences
Volume	12
Issue number	10
DOIs	https://doi.org/10.3390/app12105005
Publication status	Published - 16 May 2022

Bibliographical note

© 2022 by the authors.
Licensee MDPI, Basel, Switzerland.
This article is an open access article
distributed under the terms and
conditions of the Creative Commons
Attribution (CC BY) license (https://
creativecommons.org/licenses/by/
4.0/).

Funding: This research was funded by the Industrial Strategy Challenge Fund and EPSRC, EP/V012053/1,
Active Building Centre Research Programme (ABC RP)

Keywords

active buildings
cyber threat intelligence
cyber-physical systems
cyber-security
situational awareness
smart grid
structured cyber-attack representations

Access to Document

10.3390/app12105005Licence: CC BY 4.0

Incorporating Cyber Threat Intelligence into Complex Cyber-Physical Systems
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/).
Final published version, 1.62 MBLicence: CC BY 4.0

Cite this

@article{714153d1920741429fab3f5336ec3acb,

title = "Incorporating Cyber Threat Intelligence into Complex Cyber-Physical Systems: A STIX Model for Active Buildings",

abstract = "Active buildings can be briefly described as smart buildings with distributed and renewable energy resources able to energise other premises in their neighbourhood. As their energy capacity is significant, they can provide ancillary services to the traditional power grid. As such, they can be a worthy target of cyber-attacks potentially more devastating than if targeting traditional smart buildings. Furthermore, to handshake energy transfers, they need additional communications that add up to their attack surface. In such a context, security analysis would benefit from collection of cyber threat intelligence (CTI). To facilitate the analysis, we provide a base active building model in STIX in the tool cyberaCTIve that handles complex models. Active buildings are expected to implement standard network security measures, such as intrusion-detection systems. However, to timely respond to incidents, real-time detection should promptly update CTI, as it would significantly speed up the understanding of the nature of incidents and, as such, allow for a more effective response. To fill this gap, we propose an extension to the tool cyberaCTIve with a web service able to accept (incursion) feeds in real-time and apply the necessary modifications to a STIX model of interest.",

keywords = "active buildings, cyber threat intelligence, cyber-physical systems, cyber-security, situational awareness, smart grid, structured cyber-attack representations",

author = "{M. Czekster}, Ricardo and Roberto Metere and Charles Morisset",

note = "{\textcopyright} 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/). Funding: This research was funded by the Industrial Strategy Challenge Fund and EPSRC, EP/V012053/1, Active Building Centre Research Programme (ABC RP)",

year = "2022",

month = may,

day = "16",

doi = "10.3390/app12105005",

language = "English",

volume = "12",

journal = "Applied Sciences",

issn = "2076-3417",

publisher = "MDPI AG",

number = "10",

}

TY - JOUR

T1 - Incorporating Cyber Threat Intelligence into Complex Cyber-Physical Systems: A STIX Model for Active Buildings

AU - M. Czekster, Ricardo

AU - Metere, Roberto

AU - Morisset, Charles

N1 - © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https:// creativecommons.org/licenses/by/ 4.0/). Funding: This research was funded by the Industrial Strategy Challenge Fund and EPSRC, EP/V012053/1, Active Building Centre Research Programme (ABC RP)

PY - 2022/5/16

Y1 - 2022/5/16

N2 - Active buildings can be briefly described as smart buildings with distributed and renewable energy resources able to energise other premises in their neighbourhood. As their energy capacity is significant, they can provide ancillary services to the traditional power grid. As such, they can be a worthy target of cyber-attacks potentially more devastating than if targeting traditional smart buildings. Furthermore, to handshake energy transfers, they need additional communications that add up to their attack surface. In such a context, security analysis would benefit from collection of cyber threat intelligence (CTI). To facilitate the analysis, we provide a base active building model in STIX in the tool cyberaCTIve that handles complex models. Active buildings are expected to implement standard network security measures, such as intrusion-detection systems. However, to timely respond to incidents, real-time detection should promptly update CTI, as it would significantly speed up the understanding of the nature of incidents and, as such, allow for a more effective response. To fill this gap, we propose an extension to the tool cyberaCTIve with a web service able to accept (incursion) feeds in real-time and apply the necessary modifications to a STIX model of interest.

AB - Active buildings can be briefly described as smart buildings with distributed and renewable energy resources able to energise other premises in their neighbourhood. As their energy capacity is significant, they can provide ancillary services to the traditional power grid. As such, they can be a worthy target of cyber-attacks potentially more devastating than if targeting traditional smart buildings. Furthermore, to handshake energy transfers, they need additional communications that add up to their attack surface. In such a context, security analysis would benefit from collection of cyber threat intelligence (CTI). To facilitate the analysis, we provide a base active building model in STIX in the tool cyberaCTIve that handles complex models. Active buildings are expected to implement standard network security measures, such as intrusion-detection systems. However, to timely respond to incidents, real-time detection should promptly update CTI, as it would significantly speed up the understanding of the nature of incidents and, as such, allow for a more effective response. To fill this gap, we propose an extension to the tool cyberaCTIve with a web service able to accept (incursion) feeds in real-time and apply the necessary modifications to a STIX model of interest.

KW - active buildings

KW - cyber threat intelligence

KW - cyber-physical systems

KW - cyber-security

KW - situational awareness

KW - smart grid

KW - structured cyber-attack representations

UR - https://www.mdpi.com/2076-3417/12/10/5005

UR - http://www.scopus.com/inward/record.url?scp=85130739895&partnerID=8YFLogxK

U2 - 10.3390/app12105005

DO - 10.3390/app12105005

M3 - Article

SN - 2076-3417

VL - 12

JO - Applied Sciences

JF - Applied Sciences

IS - 10

M1 - 5005

ER -

Incorporating Cyber Threat Intelligence into Complex Cyber-Physical Systems: A STIX Model for Active Buildings

Abstract

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this