A Passive Network Cyber Threat Intelligence Framework for Legacy Critical Control Systems using Machine Learning

The importance of Internet and communication networks in our daily life and in any organization’s daily operations is well known and cannot be overstressed. A nation’s economy is fully reliant on its critical infrastructure. Energy sector is one of the 16 Critical Infrastructure Sectors identified by the Department of Homeland Security. Securing these critical infrastructure sectors is challenging but is also of utmost priority in this day of constant and persistent cyber threats. Threat is any circumstance or event that has the potential to adversely impact an agency's assets and operations. Cyber Threat Intelligence (CTI) is the process of collection, analysis, and identification of potential cyber threats to the organization. This goal of current research performed at the Savannah River National Laboratory (SRNL), Aiken, SC, is to develop a Cyber Threat Intelligence framework for gathering Threat Intelligence passively from the network traffic from and to a real or simulated Critical Control Systems.