As threat actor operations become increasingly sophisticated and emphasize the targeting of critical infrastructure and services, the need for cybersecurity information sharing will continue to grow. Escalating demand for cyber threat intelligence and information sharing across the cybersecurity community has resulted in the need to better understand the information produced by reputable sources such as U.S. CISA Alerts and ICS-CERT advisories. The text analysis program, Profiler Plus, is used to extract information from 1,574 U.S. government alerts and advisories to develop visualizations and generate enhanced insights into different cyber threat actor types, the tactics which can be used for cyber operations, and sectors of critical infrastructure at risk of an attack. The findings of this study enhance cyber threat intelligence activities by enabling an understanding of the trends in public information sharing as well as identifying gaps in open-source reporting on cyber-threat information.
Read full abstract