Building and verification operation of the Cyber Threat Intelligence System (CTI)

Acronym: CTI

Provider: MV ČR
Programme: VH - Security Research Programme for the Needs of the State 2016 - 2021
Identification number: VH20172021022

Implementation period: 4/2017–12/2021

CZ.NIC, z. s. p. o.
Number of partners: 2
Role of CESNET: partner
Manager for CESNET:
Ing. Martin Žádník, Ph.D.

The main objective of the project, in accordance with Act No. 181/2014 Coll., on cybersecurity, is to strengthen the protection of critical information infrastructure and reduce the damage caused by cyber crime by establishing an effective system for the detection, identification and prediction of cyber threats and for the evaluation of cybersecurity incidents (so-called Cyber Threat Intelligence). The system will be based on the analysis of data and of information about network traffic and electronic communication (Internet) from a wide variety of sources, and will build methods and procedures for evaluating the vulnerabilities of critical information infrastructure.

The resulting system will allow data to be correlated, giving deeper insight into the relationships among incidents and their originators. The ability to correlate data and put it into context is key to identifying and resolving large-scale incidents and APTs (Advanced Persistent Threats), and to tracking the activities of criminal groups operating in the virtual space.

The next layer of the system will distribute information about security incidents, both in the form of detected vulnerabilities and in the form of so-called gray-lists (lists of defective IP addresses). This information will be taken up primarily by administrators of critical information infrastructure and significant information systems, operators of major communication networks, data center operators, etc. Based on the threats identified in this way, NBU will issue warnings according to § 12 of Act No. 181/2014 Coll.

Last change: 26.3.2020