Our academic and industrial partners were very productive again, resulting in two articles: the first published in a journal and the second presented at an IEEE conference.
The first article (journal article), “Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework“, is written by NTUA and elaborates on the MITRE ATT&CK framework, which the SBA tool uses to associate a comprehensive set of organizational and individual culture factors with security vulnerabilities and map them to specific adversary behavior. The abstract is as follows:
The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Framework provides a rich and actionable repository of adversarial tactics, techniques, and procedures. Its innovative approach has been broadly welcomed by both vendors and enterprise customers in the industry. Its usage extends from adversary emulation, red teaming and behavioral analytics development to defensive gap and SOC (Security Operations Center) maturity assessment. While extensive research has been done on analyzing specific attacks or specific organizational culture and human behavior factors leading to such attacks, a holistic view on the association of both is currently missing. In this paper, we present our research results on associating a comprehensive set of organizational and individual culture factors (as described in our developed cyber-security culture framework) with security vulnerabilities mapped to specific adversary behavior and patterns utilizing the MITRE ATT&CK framework. Thus, we exploit MITRE ATT&CK’s possibilities in a scientific direction that has not yet been explored: security assessment and defensive design, a step prior to its current application domain. The suggested cyber-security culture framework was originally designed to aim at critical infrastructures and, more specifically, the energy sector. Organizations of these domains exhibit a co-existence and strong interaction of the IT (Information Technology) and OT (Operational Technology) networks. As a result, we emphasize our scientific effort on the hybrid MITRE ATT&CK for Enterprise and ICS (Industrial Control Systems) model as a broader and more holistic approach. The results of our research can be utilized in an extensive set of applications, including the efficient organization of security procedures as well as enhancing security readiness evaluation results by providing more insights into imminent threats and security risks.
The second article (conference proceeding), “Enhancing SIEM Technology for protecting Electrical Power and Energy Sector”, is written by Konnektable Technologies Ltd. and elaborates on the method used in the SIEM tool, linking it to outsider threats. The abstract is as follows:
In the last couple of years, the evolution, the rate and the variety of cyberattacks have increased rapidly, causing many unexpected and harmful issues. These attacks do not only target single individuals, but also firms, critical infrastructure and even whole governments. The most common solutions, like firewalls, antivirus, NIDS and NIPS, are no longer as sufficient as they were in the old days. Malicious users and attackers change their behavior and adjust to new methods and “invisible” ways to infect the system.