Today, critical infrastructure remains in the crosshairs of cyber adversaries, with attacks increasing daily. Unfortunately, defensive efforts remain reactive. Rather than proactively identifying adversary actions, organizations are forced into a constant battle of security regulations, procedures, and patch management. This results in a security posture that is increasingly arduous to maintain and that continues to fall behind adversaries.
Forecasting Adversary Actions
Infrastructure Susceptibility Analysis (ISA) is a systematic, repeatable process to ensure organizations can move ahead of cyber adversaries. Analytic methodologies are forward-leaning and leverage traditional cyber threat intelligence, along with systems and safety engineering expertise, to understand what cyber-attacks are possible and probable.
MITRE Labs constructed analytic methodologies, building on several existing MITRE capabilities and research areas, including MITRE ATT&CK for ICS, CAPEC, and Threat-Informed Failure Scenario Development. The result is a multi-step and evolved process, which assists organizations with understanding the potential effects of cyber-attacks at a highly technical level. At the same time, these technology-specific insights are combined with distilled threat information for the generation of actionable intelligence.
Our Goal: Improve organizations’ abilities to employ intelligence and threat information for efficient risk reduction and security gains.
ISA assessment teams evaluate the applicability of specific ATT&CK techniques against a potential target infrastructure. Working directly with asset owners and the designers and engineers of operational technology, the assessment teams direct modifications in security programs, architecture, and system design. These modifications are targeted to reduce the organizational cybersecurity risk efficiently by addressing those weaknesses that adversaries are actively targeting or will soon target.
These targeted approaches are helping to protect and ensure the reliability of key community services, including provision of clean water and consistent power delivery. ISA research teams are multi-disciplinary, leveraging engineering and cyber expertise by modifying security programs for greatest impact. This enables assessment teams to provide critical infrastructure asset owners concrete, prioritized security mitigations and strategies. Asset owners implementing these recommendations experience the greatest return on their security investments by disrupting future adversary actions.