DIG IT AWARD FINALIST: CYBERSECURITY
Making sense of hackers' actions after a breach
Perimeter security is vital, but it has long since ceased to be sufficient for government systems. Cyber intruders will breach networks and often are able to navigate internally for months before being detected. And because attackers change their methods frequently, intrusions can be difficult to detect by traditional means.
MITRE, which operates multiple federally funded research and development centers (FFRDCs) and supports the Defense Department on a wide range of cybersecurity initiatives, has worked to close that knowledge gap. Its Adversarial Tactics, Techniques and Common Knowledge behavioral model is the first detailed framework to describe the actions a malicious cyber actor takes once inside a network.
ATT&CK grew out of MITRE's previous cybersecurity research, particularly red team/blue team exercises. Officials realized that there are only so many variations in the ways adversaries behave once they've successfully breached a system. Make that universe of options better understood, and defenders have a much better chance of mitigating a breach before too much damage is done.
Central to the project is a matrix of post-exploitation tactics and techniques. Organized into categories such as privilege escalation, lateral movement, defense evasion and exfiltration, the ATT&CK matrix provides a much-needed common frame of reference.
MITRE cultivated a community around ATT&CK to raise awareness and continue to refine the shared knowledge. As a constantly growing and freely available reference base, ATT&CK can help agencies deter and respond to breaches. They can also use the model to create a blueprint for monitoring and assessment, make decisions about cybersecurity investments and more easily share information thanks to a standardized vocabulary.
Although the project grew out of an FFRDC that supports DOD, ATT&CK is open-source and applicable to any government agency and the commercial sector.
Troy K. Schneider is editor-in-chief of FCW and GCN, as well as General Manager of Public Sector 360.