
Building with Cyber-Steel to Protect Computer Networks


November 2008

Probably the last thing the average American—not to mention any political, military, or business leader—wants to hear is that a growing number of predators are trying to break down the doors of our nation’s computer networks. It’s a threat that potentially endangers the information systems that support our nation’s defense, economy, and practically everything else.

"Our infrastructure is made of cyber-straw," says Bill Neugent, a chief engineer for MITRE's Information Security Division and a nationally recognized authority on cybersecurity. "We need to be building it out of cyber-steel."

According to Neugent, more substantial measures are required to protect our nation's computer networks. "We've got to change the rules of the road for our networks so that predators can't so readily run free," he says.

The Threat Has Changed

The private sector, including power plants, refineries, and banks, has long been a popular target for cyber attacks. As government agencies and the intelligence community have increasingly become dependent on information technology, they've also become more vulnerable. Recent press reports have recounted an increasing number of attacks against the government, including the Department of Defense (DoD) and other agencies. "The threat has changed; it's gotten more severe," says Neugent. "This is a singular year for change."

A MITRE initiative known as Mission Assurance Against Advanced Cyber Threats has been developed to help defend the government's computer systems and ensure "mission assurance"—the ability to get the job done even under compromised conditions. This mission assurance initiative was launched in 2007 in response to the increase in cyber attacks against the government and private sector. "Over the last few years, the sophistication of 'the bad guys' has grown substantially," Neugent says. "They're quite successful at breaking into things, and they can cause a lot of damage."

It's not just a lack of network security that's causing a problem—it's hardware, software, and device drivers, many of which are mass-produced overseas. According to Neugent, hackers, organized crime, and even hostile nation-states have ample opportunity to do harm. "In an attack situation, the attacker's probably going to win the first battle," Neugent says. "Our challenge is to win the war."

Offense and Defense


Three Levels of Cyber Threat

1. Low-end—Typically involves hackers and email phishing. In a recent attack on two U.S. science labs, hackers used phishing emails with malicious attachments to gain access to a database of lab visitors that included their Social Security numbers and dates of birth.

2. Mid-range—Often state-sponsored, mid-range threats involve low-end techniques to target vulnerabilities, but may also include zero-day attacks (an attack that takes advantage of the delay between when vulnerabilities are discovered and when they are reported and corrected), social engineering (manipulating online users into giving up personal information), and reconnaissance to gain knowledge of weaknesses and vulnerabilities. Mid-range threats may also include malware (viruses, worms, adware, or spyware that can threaten a network), denial of service attacks, and hidden software modifications.

3. High-end—Includes all of the above, but may also involve the capacity to circumvent physical security measures, implant hardware and software modifications, plant insiders in the target organization, and use full-spectrum intelligence to identify vulnerabilities.

 

To advance the initiative, Neugent's colleagues Harriet Goldman and John Woodward drafted a paper, "Defending Against Advanced Cyber Threats," that represents the MITRE position on the topic. The paper takes a strategic approach to cyber conflict. "The most critical thing is to change the way of thinking—to think offensively as well as defensively," says Goldman, corporate director of integration for mission assurance. "It's not all about protection technology. It's also about risk management."

Goldman and Woodward, executive director of information operations, are collaborating to help the DoD navigate around potential threats. "The DoD needs to think about this as more than just patching vulnerabilities in their systems," Woodward says. He compares mission assurance to the aviation concept of "graceful degradation."

"Think about the air traffic control system—one of the threats is bad weather," Woodward says. "But the weather can't be controlled, so the system preplans how to gracefully degrade the flow of planes. We're trying to encourage the DoD to think the same way."

Thought Leader

In their paper, Goldman and Woodward outline a series of recommendations to defend against cyber threats. "We're developing an entire strategy for improving the state of practice at MITRE, as well as in the government and industry, in this area," Goldman says. "It's allowing MITRE the opportunity to work with customers to showcase best practice and to set direction on improving an organization's mission assurance posture."

Ultimately, says Neugent, cyber security depends on global cooperation. "The people, the companies, the organizations, the nations that win the information technology [IT] game are going to be the ones that harness the whole globe, not just our own 300 million people," he says. "There are a lot of smart people around doing really great IT work. The more we can harness the fruits of their labors, the better off we're going to be."

—by Tricia C. Bailey



Page last updated: November 25, 2008
