Visible to the public Infrastructure eXpression for Codified Cyber Attack Surfaces and Automated Applicability

Submitted by grigby1 on Tue, 01/11/2022 - 10:35am
TitleInfrastructure eXpression for Codified Cyber Attack Surfaces and Automated Applicability
Publication TypeConference Paper
Year of Publication2021
AuthorsFoster, Rita, Priest, Zach, Cutshaw, Michael
Conference Name2021 Resilience Week (RWS)
Date Publishedoct
Keywordsattack surface, Automating cyber response, Bills of materials, control systems, critical infrastructure, Cyber-physical systems, Hardware, Hardware bill of materials, Information systems, infrastructure, Malware, Metrics, Power system protection, pubcrawl, research and development, resilience, Resiliency, Scalability, software bill of materials, Standards, substation automation, Supply chains, Supply-chain protection
AbstractThe internal laboratory directed research and development (LDRD) project Infrastructure eXpression (IX) at the Idaho National Laboratory (INL), is based on codifying infrastructure to support automatic applicability to emerging cyber issues, enabling automated cyber responses, codifying attack surfaces, and analysis of cyber impacts to our nation's most critical infrastructure. IX uses the Structured Threat Information eXpression (STIX) open international standard version 2.1 which supports STIX Cyber Observable (SCO) to codify infrastructure characteristics and exposures. Using these codified infrastructures, STIX Relationship Objects (SRO) connect to STIX Domain Objects (SDO) used for modeling cyber threat used to create attack surfaces integrated with specific infrastructure. This IX model creates a shareable, actionable and implementable attack surface that is updateable with emerging threat or infrastructure modifications. Enrichment of cyber threat information includes attack patterns, indicators, courses of action, malware and threat actors. Codifying infrastructure in IX enables creation of software and hardware bill of materials (SBoM/HBoM) information, analysis of emerging cyber vulnerabilities including supply chain threat to infrastructure.
DOI10.1109/RWS52686.2021.9611807
Citation Keyfoster_infrastructure_2021
Groups: