Threat Intelligence and Operation Resilience
Leveraging Threat Intelligence for proactive defences
The COVID-19 pandemic is forcing organisations around the world to adopt “work-from-home” or telecommuting. This paradigm shift is putting immense pressure on cybersecurity operations. As organisations make extraordinary efforts to protect their workers and serve their customers during the pandemic, their exposure to cyberthreats is increasing significantly too. This is why we must shift from a reactive approach to a more proactive stance. We must place far more attention on making our systems and networks resilient — that is, able to continuously deliver the intended outcome despite adverse cyber events.
In this blog post, we discuss some aspects of Operational Resilience and how Threat Intelligence can help implement it.
The Bank of England has defined Operational Resilience as “The ability of firms and the financial system as a whole to absorb and adapt to shocks, rather than contribute to them” [1]. This goes beyond traditional operational risk and recovery capabilities, with a focus on preserving the continuity of the organisation’s operation. Essentially, Operational Resilience is an upgrade that moves operational risk management from passive to active. However, how can the diverse (and sometimes conflicting) streams of threat intelligence be injected into established frameworks for resilience, risk, and project management? How can we make use of Threat Intelligence to support Operational Resilience?
What is Operational Resilience?
Operational Resilience is defined as the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions caused by cyberattacks, accidents, or naturally occurring threats or incidents.
Threat Intelligence is the collection and analysis of information about indicators of past, current, and future cyber threats, which enables organisations to take action to protect their assets, networks, and the entire organisation. At the Secure 5G4IoT Lab (a collaboration between Oslo Metropolitan University (OsloMet), Telenor, and Wolffia), we are developing unique technology to collect and analyse large amounts of data to deliver relevant cyber threat insights in real time. We aggregate this rich intelligence with other threat data feeds, internal or external, to bring about proactive defence against emerging threats.
Threat Actors, Threats, and Risks
A threat actor is defined as a situation, entity, individual, group, or action that has the potential to exploit a threat.
A threat is defined as the combination of a vulnerability, a threat actor, a motive (if the threat actor is a person or persons), and the potential to produce a harmful outcome for the organisation. A risk is defined as the combination of a threat and a vulnerability (condition), the impact (consequence) on the organisation if the vulnerability is exploited, and the presence of uncertainty.
The difference between Operational Resilience and other information technology disciplines, such as software development, is the existence of threat actors. In planning and managing Operational Resilience, the intentions, capabilities, and prevailing attack patterns of threat actors form the basis for determining which actions take priority while balancing the organisation’s mission, reputation, operations and resources.
What are Quality Attributes?
Software quality is “the degree to which software possesses a desired combination of attributes (e.g., reliability, interoperability)” (IEEE 1061) [2].
In the same way as software developers must consider quality attributes such as performance, reliability, and extensibility based on stakeholder requirements, the intentions, capabilities, and prevailing attack patterns of threat actors form the basis of the security-related requirements and quality attributes of a resilient system and the organisations it supports. A realistic, objective, and practical awareness of current threat actor characteristics and of the environment in which threat actors and the defending organisation operate is essential to planning for Operational Resilience. Any successful prevention, detection, response, mitigation or recovery depends upon effective analysis of threat actors.
What is Threat Detection?
Threat Detection is the practice of analysing the whole security ecosystem of an organisation to identify any suspicious activity that could compromise the organisation’s network. If a threat is detected, then mitigation efforts must be enacted to neutralise it before it can exploit any present vulnerabilities.
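To make the two steps above concrete (aggregating internal and external threat data feeds, then using the result to detect suspicious activity in the organisation's own telemetry), here is an added example. It is not the Secure 5G4IoT Lab's code; the feed formats, the key=value log format, the field names and every indicator value are constructed for the demo. It normalises indicators from an external CSV feed and an internal JSON-lines feed, merges duplicates while preserving which source reported each indicator, drops malformed entries instead of guessing, and then scans log lines for matches above a confidence threshold:

```python
from __future__ import annotations

import csv
import io
import ipaddress
import itertools
import json
import re
from dataclasses import dataclass
from typing import Iterable, Iterator

# Constructed sample feeds for this demo; none of these values are real indicators.
EXTERNAL_FEED_CSV = """type,value,confidence
ip,203.0.113.45,80
domain,Update-Check.example.,60
sha256,0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF,90
ip,not-an-ip,50
"""

INTERNAL_FEED_JSONL = """{"type": "ip", "value": "203.0.113.45", "confidence": 95}
{"type": "domain", "value": "beacon.example", "confidence": 70}
{"type": "url", "value": "http://beacon.example/x", "confidence": 70}
"""

# Constructed log lines in an assumed key=value format (proxy and endpoint telemetry).
SAMPLE_LOGS = [
    "2020-04-01T10:00:00Z proxy src=10.0.0.12 dst=203.0.113.45 host=update-check.example status=200",
    "2020-04-01T10:00:05Z proxy src=10.0.0.13 dst=198.51.100.7 host=intranet.corp.example status=200",
    "2020-04-01T10:01:00Z edr endpoint=ws-07 file_sha256=0123456789abcdef0123456789abcdef"
    "0123456789abcdef0123456789abcdef action=created",
]

# Which log fields carry which kind of observable (assumed mapping for the demo).
FIELD_KINDS = {"src": "ip", "dst": "ip", "host": "domain", "file_sha256": "sha256"}

_SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9-]{1,63}\.)+[a-z0-9-]{1,63}$")
_KV_RE = re.compile(r"(\w+)=(\S+)")

RawRecord = tuple[str, str, str, int]  # (kind, raw value, source name, confidence)


@dataclass(frozen=True)
class Indicator:
    kind: str                # "ip", "domain" or "sha256"
    value: str               # normalised value, used as the match key
    sources: frozenset[str]  # every feed that reported this indicator
    confidence: int          # highest confidence reported by any source


def normalise(kind: str, value: str) -> tuple[str, str] | None:
    """Canonicalise one indicator; return None for malformed or unsupported entries."""
    kind, value = kind.strip().lower(), value.strip()
    if kind == "ip":
        try:
            return kind, str(ipaddress.ip_address(value))  # validates and canonicalises v4/v6
        except ValueError:
            return None
    if kind == "domain":
        value = value.lower().rstrip(".")                   # case-fold, drop trailing dot
        return (kind, value) if _DOMAIN_RE.match(value) else None
    if kind == "sha256":
        value = value.lower()
        return (kind, value) if _SHA256_RE.match(value) else None
    return None  # e.g. "url": not handled here, so dropped rather than guessed


def parse_csv_feed(text: str, source: str) -> Iterator[RawRecord]:
    for row in csv.DictReader(io.StringIO(text)):
        yield row["type"], row["value"], source, int(row["confidence"])


def parse_jsonl_feed(text: str, source: str) -> Iterator[RawRecord]:
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            yield rec["type"], rec["value"], source, int(rec["confidence"])


def merge_feeds(*feeds: Iterable[RawRecord]) -> dict[tuple[str, str], Indicator]:
    """Union of all feeds keyed by (kind, value); sources accumulate, confidence takes the max."""
    merged: dict[tuple[str, str], Indicator] = {}
    for raw_kind, raw_value, source, confidence in itertools.chain(*feeds):
        key = normalise(raw_kind, raw_value)
        if key is None:
            continue
        prev = merged.get(key)
        merged[key] = Indicator(
            kind=key[0],
            value=key[1],
            sources=frozenset({source}) if prev is None else prev.sources | {source},
            confidence=confidence if prev is None else max(prev.confidence, confidence),
        )
    return merged


def build_indicators() -> dict[tuple[str, str], Indicator]:
    return merge_feeds(
        parse_csv_feed(EXTERNAL_FEED_CSV, "external"),
        parse_jsonl_feed(INTERNAL_FEED_JSONL, "internal"),
    )


def scan_logs(lines: Iterable[str], indicators: dict[tuple[str, str], Indicator],
              min_confidence: int = 50) -> list[dict]:
    """Extract observables from each log line and report those matching a known indicator."""
    alerts = []
    for line in lines:
        for field, raw in _KV_RE.findall(line):
            kind = FIELD_KINDS.get(field)
            key = normalise(kind, raw) if kind else None
            hit = indicators.get(key) if key else None
            if hit and hit.confidence >= min_confidence:
                alerts.append({"field": field, "kind": hit.kind, "indicator": hit.value,
                               "confidence": hit.confidence,
                               "sources": sorted(hit.sources), "log": line})
    return alerts


def run_demo(min_confidence: int = 50) -> list[dict]:
    return scan_logs(SAMPLE_LOGS, build_indicators(), min_confidence)


if __name__ == "__main__":
    for alert in run_demo():
        print(f"[{alert['confidence']:>3}] {alert['kind']}={alert['indicator']} "
              f"via {alert['field']} (sources: {', '.join(alert['sources'])})")
```

Two design choices matter for a defender: normalisation happens on both the feed side and the log side through the same function, so a mixed-case hash or a trailing-dot domain cannot slip past a string comparison, and the merged record keeps every source that reported an indicator, which is what an analyst needs to judge whether a match is corroborated or rests on a single feed. Raising `min_confidence` lets low-confidence feed entries be retained for hunting without generating alerts.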
Because threat actors continually evolve, an organisation must continuously review and refine its Operational Resilience programme through discipline and a common understanding of process. In other words, what an organisation does to optimise resilience rarely changes. How an organisation meets its resilience needs is constantly evolving.
Conclusion
The COVID-19 pandemic is no exception: malicious cyber actors continually adjust their methods to take advantage of any catastrophic situation. The cyberthreat landscape is evolving at ever higher speed and is growing more complex than any organisation can keep pace with. We must now admit that it is simply not possible to prevent all threats to all assets at all times. The issue is not whether our defences will be breached but when. Every organisation should therefore build a culture of preparedness: continuously strengthening security, adapting to changing conditions, and improving Operational Resilience so as to withstand disruptions and ensure rapid recovery.
- [1] Bank of England. Building the UK financial sector’s operational resilience (discussion paper), 2018. https://www.bankofengland.co.uk/prudential-regulation/publication/2018/building-the-uk-financial-sectors-operational-resilience-discussion-paper
- [2] IEEE Standard 1061-1992. Standard for a Software Quality Metrics Methodology. New York: Institute of Electrical and Electronics Engineers, 1992.
(By Prof. Dr. Thanh van Do, TELENOR Research)