Secure exchange of cyber threat intelligence using TAXII and distributed ledger technologies - application for electrical power and energy system

The energy sector has been, in recent years, the target of sophisticated cyberattacks. Although the importance of collaborative cyber-security consciousness, expressed as extensive cyber threat intelligence sharing, is undoubted, the standardization of the means of exchanging cyber threat information efficiently and securely has been inadequately addressed and is mostly expressed by the emergence of the Trusted Automated eXchange of Indicator Information (TAXIITM) protocol which faces major deficiencies when it comes to data integrity assurance and suitability for event-driven architectures. This paper presents a novel approach enabling secure and real-time exchange of cyber threat information, by extending the technological capacity of the TAXII framework and addressing its deficiencies through the integration of Distributed Ledger Technologies (DLT) and a generalized publish-subscribe middleware. The applicability of the proposed solution has been validated in several use cases addressing the real needs of Electrical Power and Energy Systems.