As the litany of reports on attacks against computers and networks hammers the public consciousness, MITRE continues to aggressively protect our own resources and leverage our corporate expertise to protect our sponsors' critical assets. To support this paradigm, MITRE maintains an active internal security committee that applies today's cutting-edge solutions to existing systems and architectures to protect our own information infrastructure. Also, MITRE supports a strong research program to help push the state of the art in information protection (see "Filling the Gaps" below). MITRE works in close partnership with its sponsors to help transition its practical expertise and research results to operational use. By doing so, we help improve our sponsors' information security postures. (See "Network Management System for Base Information Protection" and "Helping Secure United States Transportation Command Data".)

Protecting MITRE from Attack

MITRE's Information Security Committee (SECOM) is responsible for information security-related operations, technology, and policy and procedures for protecting MITRE's current and anticipated information infrastructure. The architecture and implementation of MITRE's internal and boundary protection systems and practices is an area of particular focus. SECOM investigates and deploys security technologies to ensure that these systems adequately protect MITRE's information infrastructure. Recent examples include implementing email virus scanning and providing secure, encrypted remote access to MITRE's internal networks.

MITRE's efforts to integrate the latest security products to protect its own enterprise have led to insights useful to the security community. As one example, to ensure that MITRE systems are properly protected, SECOM attempted to construct a database that would identify each system, its operating system and patch level, all applicable vulnerabilities, and corresponding fixes. But making sense of the hodgepodge of vulnerability information was difficult, because information derived from multiple sources with unique naming schemes provided no interoperable way to populate vulnerability entries. Two MITRE engineers devised an approach to provide a list of standardized names for vulnerabilities. (See "CVE Continues to Grow".)

Protecting the Government--Current Technology

MITRE leverages its technical expertise acquired through practical experience and research to assist our sponsors in far-ranging endeavors that broadly impact their security posture. In addition, MITRE applies this same expertise to improve our own internal security posture. For example, the security architectures SECOM developed and refined for local protection were successfully tailored to protect the United States Transportation Command (USTRANSCOM).
Also, lessons learned from extensive experience providing encrypted remote access to MITRE's internal networks provided the basis for recommendations for the Air Force's Common User Virtual Private Network architecture. (See Network Management System for Base Information Protection.)

Filling the Gaps

Despite the success of Air Force Network Management System for Base Information Protection (NMS/BIP) and USTRANSCOM programs, MITRE aggressively pursues research to further the state of the art in operational critical information assurance areas. A broad variety of research initiatives are being conducted under the MITRE Technology Program and under numerous sponsor-funded programs. One example is the Electronic Systems Center (ESC) Lighthouse program, a congressionally funded initiative focused on advancing the state of the art in all areas of information assurance relevant to protecting the nation's critical infrastructure. Lighthouse is a collaborative effort between MITRE, SEI, and Lincoln Lab. Together, these entities jointly execute a program of research projects that covers important topics in information assurance today. The Lighthouse program is integrated with ongoing work across the government and aggressively promotes cross-fertilization and minimization of duplicative efforts.

The Lighthouse technical approach uses a client/server architecture to collect and store a network map describing every network and host in a protected domain. Applications then use this data to provide advanced defensive capabilities. The figure above illustrates the fundamental architecture with a sample set of applications. A "Peer and Tier" approach has been adopted to provide enterprise-wide protection. Currently, the architecture has been developed and the foundation implemented.
Work on application development is well underway, with the current focus on vulnerability detection and remediation, malicious code detection, modeling and simulation, infrastructure analyses (GPS, directed energy, and SATCOM), and CVE integration. As research in individual technologies yields pragmatic results that are seamlessly integrated into the framework, a powerful capability for managing a domain emerges. This capability will enable operators with limited computer security expertise to identify and remediate vulnerabilities prior to an incident and to react quickly and effectively should an incident occur.

Deployment of an initial operational prototype, in coordination with our Air Force partners, is planned at Air Combat Command, ESC, and within MITRE. Feedback from all users will be used to guide future research and refine the prototype.

For more information, please contact Jeffrey Piciotto using the employee directory.