Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure

Cyber-attack is one of the significant threats affecting to any organisation specifically to the Critical Infrastructure (CI) organisation. These attacks are nowadays more sophisticated, multi-vectored and less predictable, which make the Cyber Security Risk Management (CSRM) task more challenging. Critical Infrastructure needs a new line of security defence to control these threats and minimise risks. Cyber Threat Intelligence (CTI) provides evidence-based information about the threats aiming to prevent threats. There are existing works and industry practice that emphasise the necessity of CTI and provides methods for threat intelligence and sharing. However, despite these significant efforts, there is a lack of focus on how CTI information can support the CSRM activities so that the organisation can undertake appropriate controls to mitigate the risk proactively. This paper aims to fill this gap by integrating CTI for improving cybersecurity risks management practice specifically focusing on the critical infrastructure. In particular, the proposed approach contributes beyond state of the art practice by incorporating CTI information for the risk management activities. This helps the organisation to provide adequate and appropriate controls from strategic, tactical and operational perspectives. We have integrated concepts relating to CTI and CSRM so that threat actor's profile, attack detailed can support calculating the risk. We consider smart grid system as a Critical Infrastructure to demonstrate the applicability of the work. The result shows that cyber risks in critical infrastructures can be minimised if CTI information is gathered and used as part of CSRM activities. CTI not only supports understanding of threat for accurate risk estimation but also evaluates the effectiveness of existing controls and recommend necessity controls to improve overall cybersecurity. Also, the result shows that our approach provides early warning about issues that need immediate attention.