Threat Intelligence and Operation Resilience
Leveraging Threat Intelligence for proactive defences
The COVID-19 pandemic is forcing organisations around the world to adopt “work-from-home” or telecommuting. This paradigm shift is putting immense pressure on cybersecurity operations. As organisations make extraordinary efforts to protect their workers and serve their customers during the pandemic, their exposure to cyberthreats is increasing significantly too. This is why we must shift from a reactive approach to a more proactive stance. We must pay far more attention to making our systems and networks resilient — that is, able to continuously deliver the intended outcome despite adverse cyber events.
In this blog post, we will discuss some aspects of Operational Resilience and how Threat Intelligence can help implement it.
The Bank of England has defined Operational Resilience as “The ability of firms and the financial system as a whole to absorb and adapt to shocks, rather than contribute to them”. This goes beyond traditional operational risk and recovery capabilities, with a focus on preserving the continuity of the organisation’s operation. Essentially, Operational Resilience is an upgrade that moves operational risk management from passive to active. However, how can the diverse (and sometimes conflicting) streams of threat intelligence be injected into established frameworks for resilience, risk, and project management? How can we make use of Threat Intelligence to support Operational Resilience?
Threat Intelligence is the collection and analysis of information about indicators of past, current, and future cyber threats, which enables organisations to take action to protect their assets, networks, and the entire organisation. At the Secure 5G4IoT Lab (a collaboration between Oslo Metropolitan University – OsloMet, Telenor, and Wolffia), we are developing unique technology to collect and analyse large amounts of data to deliver relevant cyber threat insights in real time. We aggregate this rich intelligence with any other threat data feeds, internal or external, to bring about proactive defence against any emergent threats.
The difference between Operational Resilience and other information technology disciplines, such as software development, is the existence of threat actors. In planning and managing Operational Resilience, the intentions, capabilities, and prevailing attack patterns of threat actors form the basis for determining which actions take priority while balancing the organisation’s mission, reputation, operations and resources.
In the same way as software developers must consider quality attributes such as performance, reliability, and extensibility based on stakeholder requirements, the intentions, capabilities, and prevailing attack patterns of threat actors form the basis of the security-related requirements and quality attributes of a resilient system and the organisations it supports. A realistic, objective, and practical awareness of current threat actor characteristics, and of the environment in which threat actors and the defending organisation operate, is essential to planning for Operational Resilience. Any successful prevention, detection, response, mitigation or recovery depends upon effective analyses of threat actors.
Because threat actors continually evolve, an organisation must continuously review and refine its Operational Resilience programme through discipline and a common understanding of process. In other words, what an organisation does to optimise resilience rarely changes. How an organisation meets its resilience needs is constantly evolving.
The COVID-19 pandemic is no exception: malicious cyber actors are continually adjusting their methods to take advantage of any catastrophic situation. The cyberthreat landscape is evolving at ever higher speed and is growing more complex than any organisation can keep pace with. We must now admit that it is simply not possible to prevent all threats to all assets at all times. The issue is not whether our defence will be breached but rather when it will be. Therefore, every organisation should build a culture of preparedness: continuously strengthening security, adapting to changing conditions, and improving Operational Resilience to withstand disruptions and ensure rapid recovery.
-  Building the UK financial sector’s operational resilience, https://www.bankofengland.co.uk/prudential-regulation/publication/2018/building-the-uk-financial-sectors-operational-resilience-discussion-paper
-  IEEE Standard 1061-1992. Standard for a Software Quality Metrics Methodology. New York: Institute of Electrical and Electronics Engineers, 1992.
(By Prof. Dr. Thanh van Do, TELENOR Research)