A Blockchain-Enabled Incentivised Framework for Cyber Threat Intelligence Sharing in ICS

TL;DR

This paper introduces a blockchain-based framework that enables secure, private, and incentivized sharing of cyber threat intelligence among ICS stakeholders, addressing privacy, trust, and participation challenges.

Contribution

It presents a novel blockchain-enabled framework for ICS CTI sharing that enhances security, privacy, and incentivization, overcoming limitations of centralized platforms.

Findings

Framework demonstrates feasibility in real-world scenarios

Enhances privacy and trust in CTI sharing

Provides an efficient, secure sharing network for ICS

Abstract

In recent years Industrial Control Systems (ICS) have been targeted increasingly by sophisticated cyberattacks. Improving ICS security has drawn significant attention in the literature that emphasises the importance of Cyber Threat Intelligence (CTI) sharing in accelerating detection, mitigation, and prevention of cyberattacks. However, organisations are reluctant to exchange CTI due to fear of exposure, reputational damage, and lack of incentives. Furthermore, there has been limited discussion about the factors influencing participation in sharing CTI about ICS. The existing CTI-sharing platforms rely on centralised trusted architectures that suffer from a single point of failure and risk companies' privacy as the central node maintains CTI details. In this paper, we address the needs of organisations involved in the management and protection of ICS and present a novel framework that facilitates secure, private, and incentivised exchange of CTI related to ICS using blockchain. We propose a new blockchain-enabled framework that facilitates the secure dissemination of CTI data among multiple stakeholders in ICS. We provide the framework design, technical development and evaluate the framework's feasibility in a real-world application environment using practical use-case scenarios. Our proposed design shows a more practical and efficient framework for a CTI sharing network for ICS, including the bestowal and acknowledgment of data privacy, trust barriers, and security issues ingrained in this domain.