Cybersecurity


Our staff helps our sponsors identify and solve problems, including those associated with interoperability of data security technologies, database management systems, and software applications.

Overview

At the heart of all government information technology is an inherent contradiction: Propagate or protect? To make information more available and useful, the federal government must expand its networks, analyze and share information, and develop data architectures that extend resources to more users. But at the same time, there is a competing—and just as essential—need to protect data, maintain confidentiality, and keep networks safe from attack. Balancing these opposing needs requires hard choices, and the stakes are high. Technical, economic, and strategic decisions made today will affect everything from national security to daily business operations for years to come.

Because the government's choices are so crucial—and the field of information technology so diverse—we endeavor to maintain a knowledge base across an array of IT-related disciplines. We apply this informed perspective to the evaluation of IT solutions that help the government operate more efficiently and securely. Over the last several years, teams from across the corporation have made strides in areas such as cybersecurity and data sharing as well as privacy protection and open source software development.

Combating Agile Adversaries

Although computer defenses continue to improve, today's cyber adversaries are more skillful, more agile, and better equipped than ever. Through our Mission Assurance Against Advanced Cyber Threats initiative, we actively engage with our sponsors to reassess what cybersecurity means in light of today's advanced threats, even redefining what "winning" means. When it comes to fighting through a coordinated, high-level attack on government systems, winning sometimes means accepting that a determined adversary may break through system defenses—but the mission must not fail.


This vision of cybersecurity requires making pragmatic choices for mission assurance while continuing to improve overall network defenses. These choices include pinpointing the specific system elements to safeguard at all costs (a process known as crown jewel analysis) and identifying the minimum requirements needed to keep systems running, or to rapidly reconstitute them, even when under attack. In this vein, we are currently developing a customized analytical methodology for the government's mission assurance needs.

We have also developed a concept known as Cyber Preparedness (or Cyber Prep) Levels, which facilitate security investment and strategic planning in two major ways. First, the levels can help assess an enterprise's current posture with respect to cyber threats (ranging from a low of "cyber vandalism" to a high of "cyber warfare"). Second, they can help define a strategy for improving an enterprise's ability to address the full range of cyber threats. Many of the security controls (operational and technical rules for countering or minimizing IT security risks) that support the Cyber Prep Levels have already been incorporated into National Institute of Standards and Technology security controls guidance. MITRE is now working with the agency to incorporate the entire Cyber Prep concept into its security guidelines.

Cyber Awareness Within and Without

External defenses are not the only ones needed; some cyber crime originates from within. Malicious insiders with access to sensitive proprietary information and intellectual property routinely cause business losses and threaten the economic competitiveness of the United States. In 2009, a MITRE team published new research about detecting insider threats. This work, part of a multi-year program supported by the non-profit Institute for Information Infrastructure Protection, used a breakthrough experimental design that combines the social and computer sciences. By illustrating how the behavior of malicious insiders differs from that of their benign counterparts, these findings offer clues for improved early detection of this type of criminal activity.

To explore the effectiveness of cutting-edge IT security tools and processes, we run a two-location facility called the Cyber Security Operations Center, or CSOC. The CSOC provides an operational network context for evaluating real-world impacts of proposed next-generation cyber-defense methods. Candidate techniques and technologies are selected from a variety of sources, including industry, academia, government, and our own R&D programs. The CSOC opened in early 2009, and since then we have hosted dozens of demonstrations of advanced cyber technology for the government, academicians, and commercial vendors. By using our own extensive internal networks as a test bed, the CSOC analysts identify and analyze actual cyber intrusions, giving us insights into the techniques our nation's adversaries use. With the results from CSOC experimentation, we improve MITRE's cybersecurity posture and pass along well-vetted recommendations to the government.


Page last updated: June 27, 2011

Copyright © 1997-2012, The MITRE Corporation. All rights reserved.