Cyber Threat Intelligence: Empowering IoT Security Workshop

6 March 2024

10 am – 12.30 pm CET

Online

 

The SecureCyber Cluster has organized an online workshop. Cyber Threat Intelligence is the knowledge and insights gathered, analysed, and used to understand and predict cyber threats and attacks. This intelligence is crucial for organizations to defend against potential cybersecurity threats proactively and respond effectively to attacks. 

This workshop focuses on the efforts of multiple EU-funded projects that have developed a Cyber Threat Intelligence (CTI) component, specifically emphasising IoT systems. This workshop aims to equip participants with the skills and knowledge to gather, produce, elaborate, and share critical information about cyber threats and attacks, especially in IoT environments. The workshop also uniquely focuses on how CTI can be seamlessly incorporated into several vertical industries, addressing industry-specific challenges and needs.

This workshop will consist of expert-led presentations, interactive sessions, and industry-focused discussions. Participants from diverse sectors such as cybersecurity, IoT development, and various industries will gain valuable insights into developing and implementing CTI systems tailored to their needs. The workshop serves as an ideal platform for professionals to explore the intersection of cybersecurity and industry-specific requirements and to contribute to the advancement of secure and resilient IoT ecosystems across different sectors.

On behalf of SPATIAL, you will be able to enjoy Shen Wang's talk: “Enhancing Cybersecurity with Accountable, Resilient AI: A Human-in-the-loop, Metrics-Driven Approach”.

Registration: https://ti.to/securecyber-cluster-enhancing-cybersecurity/cyber-threat-intelligence-empowering-iot-security

Final agenda:

CONNECT LINK FOR THE SPEAKERS AND PARTICIPANTS

Join Zoom Meeting

https://us06web.zoom.us/j/82833763652?pwd=PbtsNxrA4z54juTbrGSJv6n2HB795H.1 

Meeting ID: 828 3376 3652

Passcode: 467280

 

Final Agenda

 10:00 – 10:05 Welcome and Introduction

  • Christiana Kyperounta, 8BELLS (SECANT)
  • Dimitris Kavalieros, CERTH (SECANT) 

 10:05 – 10:55 Session I: Cyber Threat Intelligence in EU H2020 Projects – Presentations

  • CROSSCON: Security Stack – Status & Updates (João Sousa, University of Minho)

Agenda: CROSSCON Key Facts, Motivations, Objectives, Components, Development Status of the CROSSCON Stack, CROSSCON Use-Cases, Project Status

  • ERATOSTHENES: Privacy Preserving Cyber Threat Intelligence (Juan Francisco Martinez, UMU)
  • SENTINEL: Bridging the security, privacy and data protection gap for smaller enterprises in Europe (Siranush Akarmazyan, ITML)
  • SPATIAL: Enhancing Cybersecurity with Accountable, Resilient AI: A Human-in-the-loop, Metrics-Driven Approach (Shen Wang, University College Dublin)

Artificial Intelligence (AI) will play a critical role in future networks, exploiting real-time data collection for optimized utilization of network resources. However, current AI solutions predominantly emphasize model performance enhancement, engendering substantial risk when AI encounters irregularities such as adversarial attacks or unknown misbehaviour due to its “black-box” decision process. Consequently, AI-driven network solutions necessitate enhanced accountability to stakeholders and robust resilience against known AI threats. We introduce a high-level process, integrating Explainable AI (XAI) techniques and illustrating their application across three typical use cases: encrypted network traffic classification, malware detection, and federated learning. Unlike existing task-specific qualitative approaches, the proposed process incorporates a new set of metrics, measuring model performance, explainability, security, and privacy, thus enabling users to refine their AI network solutions iteratively.

  • IRIS: Innovations for Timely, Semi-automated, Secure and Interoperable CTI and Incidents (Giovana Bilali, ICCS & Eleni Darra, CERTH & Sofia Tsekeridou, INTRA)

Information Sharing and Reporting enhancing Awareness and Collaboration among Need to know CI Operators and CERTs/CSIRTs.

10:55 – 11:05 Q&A Session

11:05 – 12:05 Session II: Cyber Threat Intelligence in EU H2020 Projects – Demos

  • ARCADIAN-IoT: Machine Learning Assisted System for Cyber Threat Intelligence (Han Wang, RISE)

Cyber Threat Intelligence (CTI) is crucial for modern cybersecurity because it provides the knowledge and insights needed to defend against a wide range of cyber threats. However, there are issues associated with incomplete and inconsistent CTI data that can lead to inaccurate threat assessments, increasing the risk of both false alarms and undetected threats. In this talk, we introduce an extended version of the Malware Information Sharing Platform (MISP) that includes ML models to support the management and processing of CTI data. The models are designed to address specific challenges such as (i) prioritizing and ranking Indicators of Compromise (IoCs) based on severity and potential impact, (ii) classifying IoCs by attack type or threat, and (iii) aggregating similar IoCs into clusters.

  • ELECTRON: The ELECTRON CTI Platform for Electric Power and Energy Systems (Hristo Koshutanski, ATOS & Pablo Gallegos Jimenez, IDENER)

ELECTRON will present its CTI platform for threat intel collection and exchange. It will give an overview of the main functional blocks: (i) Threat Explorer for daily collection of threat and vulnerability info from open-source databases, and (ii) a MISP-based platform with suitable front-end functionalities of security, privacy and impact assessment. The presentation will be followed by a demo that will briefly cover data collection, security and privacy-aware sharing, and threat intel scoring.

  • IDUNN: Heimdal Tool: Dynamic Threat Detection Tool (Unai Esandi, IKERLAN)

HEIMDAL is one of the modules developed under IDUNN. It consists of a collection of microservices that process, in real time, the set of events inside and outside the OT environment to detect an incident or threat. These events are related to the detection of abnormal and suspicious activities in the network and host, with access to external published databases for discovered vulnerabilities and exploits.

  • SECANT: AI-based Cyber Threat Intelligence in Healthcare Ecosystem (Anaël Le Bihan, NTT DATA & Arnolnt Spyros, CERTH)

In recent years, the number of medical devices with internet connectivity capabilities, also known as the Internet of Medical Things (IoMT), has been constantly increasing. Consequently, the attack surface of healthcare systems is increasing, making healthcare among the most critical and targeted sectors concerning cyber-attacks. The impact of successful cyber-attacks in healthcare could lead to serious consequences including legal liabilities or even the loss of human lives. The SECANT platform introduces a holistic approach for cyber security risk assessment including a collaborative Cyber Threat Intelligence (CTI) framework for the collection, analysis, enrichment and sharing of enriched CTI. The SECANT Threat Intelligence Module (TIM) enables the complete management of CTI towards safeguarding healthcare organisations against cyber-attacks.

12:05 – 12:15 Q&A Session

12:15    End of Webinar

The SecureCyber Cluster is composed of the following projects:

  • ARCADIAN-IoT
  • CROSSCON
  • Electron Project
  • ERATOSTHENES PROJECT
  • IDUNN Project
  • IRIS H2020 Project
  • Secant project
  • Sentinel – EU Project
  • SPATIAL Project
  • TRUSTaWARE