Automated Cyberthreat Hunting and Cyber-relevant Incident Response for Critical Infrastructures

Defenders of networks and digital systems have a fundamental need for accurate and sufficiently complete cyber threat intelligence, which current tools and platforms cannot produce. Defenders also need to have at their disposal an agile specter of effective security controls that can be quickly adapted to stop new and targeted cyber attacks before they can cause major harm. This is a critical challenge because cyber attackers continuously innovate and adopt more advanced attack methods to bypass existing security controls. Finally, defenders need experienced and skilled staff who have the awareness of threats, the skills to apply controls, and grounding in policy, privacy, legal and ethical frameworks for the responsible application and governance of cyber threat intelligence and security controls. The above needs in terms of cybersecurity are analogous to the well-known proposition from Sun Tzu?s classical military treaties "The Art of War" which he authored during the 5th century BC in ancient China: ?If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.? Cyberthreat Intelligence is about knowing the enemy. Having agile security controls and staff with strong skills and a responsible attitude is about knowing yourself. CyberHunt has as goal to ensure that defenders of digital infrastructures will not have to fear existing or emerging cyber threats because they know the enemy and are assured of their capacity to defend their infrastructures.

CyberHunt will develop highly innovative cybersecurity technologies that can sense, detect, analyse, disrupt and outmaneuver adversarial attacks in cyber-relevant time with the aim of radically strengthening defenses and resilience against cyberthreats targeted at critical infrastructures, including assets, systems, and networks, that are vital to the wellbeing of the population, the prosperity of the economy, and national security. The industry consensus is that standardization is a key enabler for automation and orchestration where functional blocks of different security solutions should no longer work in isolation, but interoperate effectively and efficiently in real time, allowing rapid and accurate decision making regarding cyber operations. The CyberHunt objectives are: 1) Investigating and developing automated threat hunting technology based on AI and semantic modeling for predicting and detecting sophisticated adversarial attacks taking into consideration all phases of the cyber kill chain holistically and not in isolation. 2) Investigating innovative methods for cyberthreat information sharing based on computational trust and blockchain technologies. 3) Developing the first interoperable orchestration language for cyber operations with the purpose of enabling machine-to-machine communication in a coordinated manner where decision making can be part of an automated incident response. 4) Developing a knowledge base of geopolitical information sources. CyberHunt recognizes the importance of coupling geopolitical intelligence with cyberthreat intelligence for aiding the understanding of cyberwarfare patterns and reducing uncertainty in attack attribution.