Cyber Threat Intelligence (CTI) is an advanced and methodical application of intelligence gathering, dissemination, and utilization that ensures organizations are aware of the threats and the threat landscape posed by specific contexts and situations, which in turn helps drive decisions for key decision makers. When CTI is used effectively, it gives cyber security professionals a strategic advantage and prevents cyber attackers from surprising an organization. CTI blends data and technical elements to produce reports that can be used to prevent risks from being realized, and it remains a fluid and continuous process.
In this section I include an example of a Cyber Threat Intelligence Plan (CTIP). A Cyber Threat Intelligence Plan is unique to a specific industry, organization, or even business unit and addresses who would want to harm an organization, how they would harm it, and how the organization plans to mitigate these harms. I took the approach of a Generic Defense Contractor because defense contractors have been, and will continue to be, targets of advanced persistent threat (APT) groups. The reward versus risk payoff for a nation to infiltrate and steal classified secrets, or to obtain sensitive information about individuals working in these realms for use in espionage and intellectual property theft, remains terribly unbalanced in favor of the attackers. My evidence for this statement is my professional observations, and it is evident as well in recent actions taken by the U.S. government against Chinese hackers in an attempt to curtail the increase in cyber attacks and data theft by China, as described in a recent article by NPR (Lucas, 2018).
Some of the areas of interest in a CTIP include supply-chain attacks, insider threats, phishing, and zero-day attacks used by APT groups to gain footholds in environments. Being aware of the tools, tactics, and techniques (TTPs) these groups are using is not only a professional duty but an ethical obligation for me as an information security professional, to ensure that U.S. interests, my company's intellectual property, and our economic security are protected to the best of my ability. My CTIP wraps in many of the known and unknown details required to identify threat actors and threat attack methods and, more importantly, to identify whether or not outsourcing the collection of cyber threat intelligence is an appropriate use of my organization's resources. It is often less expensive to contract these services out; however, if they are not utilized effectively, then this is just as frivolous. A decent CTIP will ensure that intelligence is properly collected, vetted, and applied, and that technological aspects are addressed to protect against, detect, or identify threat vectors.
References
- Anti-Phishing Working Group. (2018, December 11). Phishing Trends. Retrieved February 17, 2019, from Anti-Phishing Working Group, Inc.: http://docs.apwg.org/reports/apwg_trends_report_q3_2018.pdf
- Berg, S. (2018, December 3). Contractor's Are a Bulls-Eye for Hackers. Retrieved February 16, 2019, from SIGNAL Media: https://www.afcea.org/content/contractors-are-bulls-eye-hackers
- Carnaghan, I. (2018, March 17). United States Defense Contractors and Cybersecurity Challenges. Retrieved February 16, 2019, from Ian Carnaghan: https://www.carnaghan.com/united-states-defense-contractors-and-cybersecurity-challenges/
- Korolov, M. (2019, January 25). What is a supply chain attack? Why you should be wary of third-party providers. Retrieved February 17, 2019, from CSO Online: https://www.csoonline.com/article/3191947/data-breach/what-is-a-supply-chain-attack-why-you-should-be-wary-of
- Lucas, R. (2018, December 20). Justice Department Charges Chinese Hackers In Bid To Curtail Cyber-Theft. Retrieved from https://www.npr.org/2018/12/20/678587956/justice-department-charges-chinese-hackers-in-bid-to-curtail-cyber-theft
- Olivia, B. (2018, April 13). Defense contractors face more aggressive ransomware attacks. Retrieved February 16, 2019, from The Hill: https://thehill.com/policy/cybersecurity/382904-defense-contractors-face-more-aggressive-ransomware-attacks
- Threat Modeler Inc. (2018, December 13). Threat Modeling Methodology | OCTAVE, STRIDE, PASTA, Trike, VAST. Retrieved February 16, 2019, from ThreatModeler Inc.: https://threatmoderler.com/2018/09/15/threat-modeling-methodology/