The ability to share threat intelligence is essential for protecting critical infrastructure like the electric power grid, water treatment facilities, oil refineries, and manufacturing plants from cyber exploits. Prior to the development of this software, threat information was too complex and cumbersome to share, limiting its application in operational environments. The new software standardizes the collection via Structured Threat Information eXpression (STIX) and converts complex data on cybersecurity vulnerabilities into a visualization that is easy to understand and act on. With STIG, utility owners and operators have a common system for sharing threat intelligence information, thus increasing the chances of detecting and mitigating cyber exploits before they lead to a cyberattack.
“We’ve been working on the development of this tool for quite a while and have had success testing it with a major utility,” said Jed Haile, INL cybersecurity researcher and tool developer. “This software helps analysts process new threat information rapidly and makes it easier for them to find or create relationships between pieces of information.”
By releasing the open-source code on GitHub, INL researchers hope other developers will take on the challenge of making the tool even better and ultimately helping to better protect the nation’s critical infrastructure systems. In addition to Haile, INL Infrastructure Security Strategic Adviser Rita Foster and cybersecurity researchers Justin Cox and Zach Priest were instrumental in the tool’s development.
The team has been working closely to test the software with Southern California Edison, a principal member of the California Energy Systems for the 21st Century (CES-21) Program, and the primary electricity supply company for much of Southern California. The company provides 14 million people with electricity across a service territory of approximately 50,000 square miles. Southern California Edison sponsored the research that led to the development of the software. Seeing the potential for wider application of structured threat sharing, the California Public Utilities Commission approved a request to release the open-source code.
The tool is available for free download at: https://github.com/idaholab/STIG.