Making sense of hackers' actions after a breach

Perimeter security is vital, but it has long since ceased to be sufficient for government systems. Cyber intruders will breach networks and often are able to navigate internally for months before being detected. And because attackers change their methods frequently, intrusions can be difficult to detect by traditional means.

Dig IT Award Finalists

The GCN Dig IT Awards celebrate discovery and innovation in government IT.

There are 36 finalists this year. Each will be profiled in the coming days, and the winners for each category will be announced at the Oct. 13 Dig IT Awards gala.

See the full list of 2016 Dig IT Award Finalists

MITRE, which operates multiple federally funded research and development centers (FFRDCs) and supports the Defense Department on a wide range of cybersecurity initiatives, has worked to close that knowledge gap. Its Adversarial Tactics, Techniques and Common Knowledge behavioral model is the first detailed framework to describe the actions a malicious cyber actor takes once inside a network.

ATT&CK grew out of MITRE's previous cybersecurity research, particularly red team/blue team exercises. Officials realized that there are only so many variations in the ways adversaries behave once they've successfully breached a system. Make that universe of options better understood, and defenders have a much better chance of mitigating a breach before too much damage is done.

Central to the project is a matrix of post-exploitation tactics and techniques. Organized into categories such as privilege escalation, lateral movement, defense evasion and exfiltration, the ATT&CK matrix provides a much-needed common frame of reference.

MITRE cultivated a community around ATT&CK to raise awareness and continue to refine the shared knowledge. As a constantly growing and freely available reference base, ATT&CK can help agencies deter and respond to breaches. They can also use the model to create a blueprint for monitoring and assessment, make decisions about cybersecurity investments and more easily share information thanks to a standardized vocabulary.
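The "blueprint for monitoring and assessment" and the "standardized vocabulary" above are easier to picture with a concrete coverage check. The following is an added example, not MITRE's code and not part of the original article: it models a small hand-picked subset of the ATT&CK enterprise matrix (the tactic and technique IDs are real ATT&CK identifiers, but the selection is only a sample), tags a constructed inventory of detection rules with the techniques they are meant to catch, reports which techniques in each tactic have no detection, and collapses a constructed stream of technique-tagged alerts into the sequence of tactics an intruder moved through. Rule names, alert timestamps and the rule-to-technique mapping are assumptions made for illustration.

```python
"""Use a subset of the ATT&CK matrix as a monitoring blueprint: find coverage
gaps per tactic and summarise an intrusion as a sequence of tactics."""

# Constructed subset of the ATT&CK enterprise matrix (real IDs, sample only).
# In this subset each technique sits under one tactic; the full matrix lists
# some techniques, e.g. T1078, under several.
MATRIX = {
    "TA0004 Privilege Escalation": {
        "T1068": "Exploitation for Privilege Escalation",
        "T1078": "Valid Accounts",
        "T1548": "Abuse Elevation Control Mechanism",
    },
    "TA0005 Defense Evasion": {
        "T1070": "Indicator Removal",
        "T1562": "Impair Defenses",
    },
    "TA0008 Lateral Movement": {
        "T1021": "Remote Services",
        "T1550": "Use Alternate Authentication Material",
    },
    "TA0010 Exfiltration": {
        "T1041": "Exfiltration Over C2 Channel",
        "T1048": "Exfiltration Over Alternative Protocol",
    },
}

# Constructed (hypothetical) detection-rule inventory, each rule tagged with
# the technique IDs it is intended to detect: the shared vocabulary in action.
RULES = {
    "win-4624-unusual-logon-type": ["T1078", "T1021"],
    "sysmon-eventlog-cleared": ["T1070"],
    "edr-sudo-misuse": ["T1548"],
    "netflow-dns-volume-anomaly": ["T1048"],
}

# Constructed alert stream: (timestamp, technique ID) as a detection pipeline
# might emit once rules carry ATT&CK tags.
ALERTS = [
    ("2016-09-01T03:10Z", "T1078"),
    ("2016-09-01T03:12Z", "T1078"),
    ("2016-09-01T03:30Z", "T1021"),
    ("2016-09-02T22:05Z", "T1070"),
    ("2016-09-03T01:00Z", "T1048"),
]


def technique_to_tactic(matrix):
    """Invert the matrix: technique ID -> list of tactics it appears under."""
    index = {}
    for tactic, techs in matrix.items():
        for tid in techs:
            index.setdefault(tid, []).append(tactic)
    return index


def coverage(matrix, rules):
    """Return {tactic: (covered_ids, uncovered_ids)} for a rule inventory."""
    covered = {tid for tids in rules.values() for tid in tids}
    report = {}
    for tactic, techs in matrix.items():
        ids = set(techs)
        report[tactic] = (sorted(ids & covered), sorted(ids - covered))
    return report


def weakest_tactics(matrix, rules):
    """Tactics ordered by fraction of techniques with a detection, lowest
    first; a natural input to where the next monitoring investment goes."""
    rep = coverage(matrix, rules)
    return sorted(rep, key=lambda t: len(rep[t][0]) / len(matrix[t]))


def intrusion_timeline(alerts, matrix):
    """Collapse technique-tagged alerts, in time order, into the sequence of
    tactics observed, dropping consecutive repeats of the same tactic."""
    index = technique_to_tactic(matrix)
    seq = []
    for _ts, tid in sorted(alerts):
        for tactic in index.get(tid, ["(unmapped technique)"]):
            if not seq or seq[-1] != tactic:
                seq.append(tactic)
    return seq


if __name__ == "__main__":
    for tactic, (have, missing) in coverage(MATRIX, RULES).items():
        print(f"{tactic}: covered {have}, no detection for {missing}")
    print("weakest first:", weakest_tactics(MATRIX, RULES))
    print("intrusion by tactic:", " -> ".join(intrusion_timeline(ALERTS, MATRIX)))
```

Running the script lists, for every tactic, which techniques no rule claims to detect (here T1068, T1562, T1550 and T1041) and then reads the constructed alerts back as privilege escalation, lateral movement, defense evasion and exfiltration, in that order. Swapping in the full matrix and a real rule inventory is a matter of loading data; the logic does not change.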

Although the project grew out of an FFRDC that supports DOD, ATT&CK is open-source and applicable to any government agency and the commercial sector.

About the Author

Troy K. Schneider is the Editor-in-Chief of both FCW and GCN, two of the oldest and most influential publications in public-sector IT. Both publications (originally known as Federal Computer Week and Government Computer News, respectively) are owned by GovExec. Mr. Schneider also serves as GovExec's General Manager for Government Technology Brands.

Mr. Schneider previously served as New America Foundation's Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company, where he oversaw the online operations of The Atlantic Monthly, National Journal, The Hotline and The Almanac of American Politics, among other publications. The founding editor of, Mr. Schneider also helped launch the political site in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, Slate, Politico, Governing, and many of the other titles listed above.

Mr. Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.
