Escalation and monitoring

Knowing how and when to escalate an incident is where good threat intelligence becomes especially valuable. Compromises are usually not single events, but rather small pieces of a larger campaign. As new information is learned, the methods of detection and response need to escalate and adapt to handle the incident.

Cybersecurity staff deploying safety-critical IoT systems in industries such as transportation and utilities should keep an eye on national and international threats above and beyond the local organization. This is the normal course of business for the US and other national intelligence-related agencies. Nation-state, terrorist, organized crime and other international-related security considerations can have a direct bearing on IoT systems in terms of nationalistic or criminal attack motivations, desired impacts, and the possible actors who may carry out the actions.

This type of awareness tends to be more applicable to critical energy, utilities, and transportation infrastructure, but targeted attacks can come from anywhere and target just about anything.

There is a significant need for information to be shared between operational and technology teams, even within organizations. One public/private partnership that facilitates such information sharing is InfraGard (see https://www.infragard.org/):

"InfraGard is a partnership between the FBI and the private sector. It is an association of persons who represent businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the U.S."

Another valuable information-sharing resource is the High Tech Crime Investigation Association (HTCIA). HTCIA is a non-profit organization that hosts yearly international conferences and promotes partnerships with public and private entities. Regional chapters exist in many parts of the world. Read more at https://htcia.org/.

Other more sensitive partnerships, such as the US Department of Homeland Security's (DHS) Enhanced Cybersecurity Services (ECS), exist between government and industry to improve threat intelligence and sharing across commercial and government boundaries. These types of programs typically involve access to classified information outside the realm of most non-government contracting organizations today. Read more about ECS at https://www.dhs.gov/enhanced-cybersecurity-services.

We may very well see such programs undergo significant enhancement over the years to better accommodate IoT-related threat intelligence, given the large government and military interest in IoT-enabled systems and CPS.
