Cyber threat intelligence for critical infrastructure security

Cyber-attacks are considered the most significant threat to organizations from different sectors, including critical infrastructure. Access to critical assets, including industrial control systems, and control over their usage is one of the security approaches implemented to protect those systems from unauthorized access. However, existing implementations do not support the enforcement of fine-grained authorization policies and do not provide continuous control over data access. Furthermore, existing implementations of the access control paradigm require policy-makers to perform a manual update of policies that do not consider information about potential or ongoing cyber attacks. In this work, we propose a framework that enables continuous control on the execution of access rights in the industrial domain. Furthermore, the framework relies on cyber incident information shared by trusted entities. This information is used for updating security policies in order to prevent possible incidents within the smart factory infrastructure. We also provide experimental results that show the operability and the efficiency of the proposed framework.