OMB Individually Reported

Cyber Threat Enrichment

Low riskExact public inventory row

Description

Cyber threat analysis

Detailed example

Structured Threat Information Expression (STIX) data format providing actionable and implementable codified contextual data for use in cyber security products or if firmware binaries analyzed and translated to STIX output is codified attack surfaces and SBOM.

AI / analytics pattern

Other

Automation level / stage

c) Deployed – The use case is being actively authorized or utilized to support the functions or mission of an agency.

Expected benefit

Enrich emerging cyber threat data with recent and past analysis data curated from the DOE-CESER Geo Threat Observable project and grid modernization project Deep Learning Malware using TBs of well structured cyber threat. Input vulnreability, weakness, malware inforamtion to find connections to well analyzed cyber threat including attack patterns, known exploited, spast mitigations and detections. When firmware binaries are analyzed and translated to structured threat used to create codified attack surfaces and Firmware or Software Bill of Materials (SBOM) for supply chain tracking

Audit / financial statement impact

Not available.

Controls / human review

ATO: No; PIA: Not published

Data needed

Open source threat intelligence collected, NLP used to scrape information off of cyber incident reports and websites, some data from cyber sensors, threat feeds and some data from manual threat analysis activities.