DIG IT AWARD FINALIST: CYBERSECURITY
Making sense of hackers' actions after a breach
- By Troy K. Schneider
- Oct 12, 2016
Perimeter security is vital, but it has long since ceased to be sufficient for government systems. Cyber intruders will breach networks and often are able to navigate internally for months before being detected. And because attackers change their methods frequently, intrusions can be difficult to detect by traditional means.
MITRE, which operates multiple federally funded research and development centers (FFRDCs) and supports the Defense Department on a wide range of cybersecurity initiatives, has worked to close that knowledge gap. Its Adversarial Tactics, Techniques and Common Knowledge behavioral model is the first detailed framework to describe the actions a malicious cyber actor takes once inside a network.
ATT&CK grew out of MITRE's previous cybersecurity research, particularly red team/blue team exercises. Officials realized that there are only so many variations in the ways adversaries behave once they've successfully breached a system. Make that universe of options better understood, and defenders have a much better chance of mitigating a breach before too much damage is done.
Central to the project is a matrix of post-exploitation tactics and techniques. Organized into categories such as privilege escalation, lateral movement, defense evasion and exfiltration, the ATT&CK matrix provides a much-needed common frame of reference.
MITRE cultivated a community around ATT&CK to raise awareness and continue to refine the shared knowledge. As a constantly growing and freely available reference base, ATT&CK can help agencies deter and respond to breaches. They can also use the model to create a blueprint for monitoring and assessment, make decisions about cybersecurity investments and more easily share information thanks to a standardized vocabulary.
Although the project grew out of an FFRDC that supports DOD, ATT&CK is open-source and applicable to any government agency and the commercial sector.
Troy K. Schneider is the Editor-in-Chief of both FCW and GCN, two of the oldest and most influential publications in public-sector IT. Both publications (originally known as Federal Computer Week and Government Computer News, respectively) are owned by GovExec. Mr. Schneider also serves as GovExec's General Manager for Government Technology Brands.
Mr. Schneider previously served as New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company, where he oversaw the online operations of The Atlantic Monthly, National Journal, The Hotline and The Almanac of American Politics, among other publications. The founding editor of NationalJournal.com, Mr. Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, Governing, and many of the other titles listed above.
Mr. Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.