21. End-to-End Data-Driven Cyber-Physical Threat Intelligence for Critical Infrastructures in the Finance Sector

By Ioannis Karagiannis, Research and Development, INNOV-ACTS LTD, Nicosia, Cyprus | Alessandro Mamelli, Pointnext Advisory & Professional Services, Hewlett-Packard Italiana Srl, Cernusco s/N, Milan, Italy | Giorgia Gazzarata, University of Genoa, Italy | John Soldatos, Research and Development, INNOV-ACTS LTD, Nicosia, Cyprus | Kyriakos Satlas, Research and Development, INNOV-ACTS LTD, Nicosia, Cyprus

Published: 15 Sep 2021

© 2021 Ioannis Karagiannis | Alessandro Mamelli | Giorgia Gazzarata | John Soldatos | Kyriakos Satlas

Abstract

Despite their continuing investments in security systems and services, financial institutions have recently been confronted with large-scale security attacks. These attacks target both the cyber and the physical assets of financial organizations, sometimes using physical vulnerabilities to launch cyber attacks and vice versa. To alleviate these attacks, there is a need for security services that can protect both the physical and the cyber assets of financial organizations, as part of a Cyber-Physical Threat Intelligence (CPTI) approach. Likewise, there is a need for collaboration between financial organizations in security processes. In line with these needs, this chapter introduces a novel data-driven platform for CPTI in the finance sector. The platform combines and analyzes information from a variety of different probes to proactively identify security risks. Leveraging this information, the platform can initiate relevant mitigation actions. As part of the chapter, the architecture of the platform is introduced, along with some of the main security data flows. Emphasis is placed on describing the user-facing (i.e., front-end) components of the platform, as well as its collaborative risk assessment module. Finally, the article discusses how the platform could help alleviate some of the recent large-scale attacks in the finance sector.