Cybersecurity

Our staff helps our sponsors identify and solve problems, including those associated with interoperability of data security technologies, database management systems, and software applications.

Overview

MITRE is a leader in critical infrastructure protection, and we work closely with government and industry on a wide variety of cybersecurity, information assurance, and information sharing efforts. Our staff constantly works to balance "need to know" with "need to share"—making sure the right people have access to and can share data, while keeping that same data out of the hands of those who would misuse it. Our efforts in this area include helping sponsors to enumerate baseline security data, providing standardized languages for accurately communicating data security information, and encouraging the sharing of the information with users by developing repositories.

We help our sponsors identify and solve problems, including those associated with interoperability of data security technologies, database management systems, and software applications. We also work with sponsors on challenges including real-time data processing and dissemination to support operations and off-line analysis—including bulk data analysis, pattern recognition, and malicious code detection.

Among our most prominent efforts in the field of cybersecurity are CVE, OVAL, and related initiatives, which are fast becoming information assurance standards. Together, they are part of a larger program known collectively as "Making Security Measurable." For example, the CVE (Common Vulnerabilities and Exposures) initiative is a list of more than 20,000 names industry experts have agreed to use in identifying vulnerabilities. CVE also is also being used as the basis for the National Vulnerability Database (NVD), developed by the U.S. National Institute of Standards and Technology. Our OVAL (Open Vulnerability and Assessment Language) project offers baseline standards that help determine the presence of vulnerabilities and configuration issues on computer systems. We are now leveraging the CVE and OVAL initiatives to help the Department of Defense (DoD) transform its enterprise incident and remediation management efforts. An associated effort, Common Malware Enumeration (CME), provides single, common identifiers to new virus threats and to the most prevalent emerging virus threats to reduce public confusion during malware incidents. CME is not an attempt to replace the vendor names used for viruses and other forms of malware, but rather to facilitate the adoption of a shared, neutral indexing capability for malware.

Meanwhile, the growing threat of client-side attacks has network administrators increasingly worried. By setting up malicious servers, or by compromising servers and installing malicious software, hackers can take control of computers through vulnerable client programs, such as Web browsers. These attacks bypass most firewall protections. To address this threat, MITRE has developed a prototype open-source package that proactively monitors Internet servers for fast-running, malicious programs designed to infect user systems. The tool, known as a "honeyclient," appears to the hacker as a vulnerable client that's open to attack by malware programs. The honeyclient provides users with an automated worm and virus detection process.

Other examples of MITRE technical solutions that benefit industry, academia, government, and the public include our work in data fusion and data mining. This work involves intrusion detection, vulnerability management, asset security management, malware response threat analysis, and the development of our Spitfire Intrusion Detection Environment, a prototype operator workstation for network intrusion detection system operators.

Current Work Programs

MITRE's work in cybersecurity, information assurance, and information sharing covers a range of programs, customers, and initiatives. Much of our work is performed directly for customers such as the DoD and the intelligence community. Cybersecurity, however, reaches far beyond the obvious (such as Internet attacks on military or intelligence systems and networks). For instance, because all large-scale IT modernization programs must have information assurance as a key element, we also provide guidance for civilian organizations such as the Internal Revenue Service, the Department of Homeland Security, the Federal Aviation Administration, and other agencies.

Among our work programs:

• Managing the "Making Security Measurable" collection of information security community standardization activities and initiatives.
• Helping the Department of Housing and Urban Develop weave information security processes into all aspects of its IT modernization program.
• Running the Cross-Boundary Information Sharing (XBIS) Laboratory, an unclassified demonstration and integration facility that captures the state-of-the-art in the field of cross-boundary information sharing.
• Designing the MITRE Honeyclient Project, an open source initiative that strives to educate the public about client application exploits and their attack mechanisms.
• Developing Public Key Infrastructure systems for customers.
• Supporting the Naval Criminal Investigative Service in the development of a database called LInX, for Law Enforcement Information Exchange.

Related Information

Articles and News

• Hunting Dangerous Genes, Inbox by Inbox
• Virtual Contrails: Modeling Air Traffic Control Over the Internet
• Private Eyes: Keeping Personal Information Safe
• Targeting the 25 Most Dangerous Programming Errors
• MITRE's Security Standards Support Massive Government IT Alignment
• Healthcare IT Standards Bring Order to Medical Records
• Helping HUD Give Your Information a Safe Home
• New Lab Serves as a Growing Resource for Tough Challenges
• Honeyclients Root Out Attackers' Domains
• SIMEN Says: Let's Make Air Force Networks More Secure
• Ready for Prime Time: Putting the Byte on Crime and Terrorism
• Giving Military Information Sharing a Little More Backbone
• Closing a Can of Worms: Designing an Automated Worm Detection System
• Information Assurance Industry Uses CVE and OVAL to Identify Vulnerabilities

Technical Papers and Presentations

• Information Technology Acquisition: A Common-Sense Approach
• Malicious Control System Cyber Security Attack Case Study—Maroochy Water Services, Australia
• Secure Citizen Interaction Framework
• Enabling Secure Interoperability among Federated National Entities: It's a Matter of Trust
• Collaboration/Cooperation in Sharing and Utilizing Net-Centric Information
• JFACC Information Management (IM) Capability
• Graph-based Worm Detection on Operational Enterprise Networks

Websites

• MITRE's Center for Integrated Intelligence Systems (CIIS)
• MITRE's Command and Control Center (C2C)
• MITRE's Center for Enterprise Modernization (CEM) FFRDC
• 2007 Technology Symposium: Information Assurance Projects
• Making Security Measurable
• National Vulnerability Database
• Open Vulnerability and Assessment Language (OVAL)
• Common Vulnerabilities and Exposures (CVE)
• Common Weakness Enumeration (CWE)
• Common Malware Enumeration (CME)
• MITRE Cross-Boundary Information Sharing (XBIS) Lab
• Spitfire Intrusion Detection Workstation

Solutions That Make a Difference.®
Copyright © 1997-2010, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.

Privacy Policy | Contact Us