October 2024
From ransomware attacks to releasing your personal information on the dark web, cyber criminals are getting more aggressive and sophisticated by the minute.
One thing is abundantly clear: Every month could be cybersecurity awareness month.
We’ve been evolving cyber tactics for 50+ years—well before most people gave the topic a second thought. And our experts keep hacking away (pun intended) at the global, fast-moving challenges cyber presents.
Bottom line: All of us are vulnerable. We bring together stakeholders to protect and secure the networks and systems we all rely on. The result: a cyber neighborhood watch on a global scale.
6-minute read time
OUR CULTURE IN ACTION
Zero trust security. Forensic examination. Cryptocurrency analysis. Our 32 Cyber Futures interns, including Terell Reed (above), didn't spend their summer in receive mode: they gave as much as they got. Before returning to their campuses and classrooms, they shared some highlights.
Sound-bytes:
The highlight of your internship? “The environment to pursue what interests you most and how MITRE fosters growth in those areas…”—Lena Kaziska, Texas A&M University
Your work focus? …ZTX, Zero Trust Transceivers. They seek to implement Zero Trust policies on different systems.—Nathan Dayie, University of Maryland, Baltimore County
Why MITRE? “I would love to work for a company where I can feel and see the impact of my work to create a better world.”—Alejandro Noguera, Florida International University
Join the next wave: Summer of 2025 will be here before you know it. Check out our Cyber Futures internship page for details about the 10-week, paid opportunity. Hurry, applications close Oct. 31!
WHO'S NEXT
Taking on the Many Faces of Risk
Vivian Kristofferson didn’t start her MITRE career in cyber. The former paralegal spent six years in corporate operations, assessing risks and compliance in licensing agreements. But she eventually realized a desire for “more hands-on experience working with our sponsors.”
She pursued a master’s degree in cybersecurity strategy and information management. Now she’s combined her negotiation, risk management, and technical skills in her role as an adjudicator during Defense Department war-gaming.
“It’s not always about having one key skill but being able to combine different skills that makes you useful to a project,” she says.
And another thing: Kristofferson, a Taiwanese native, took action when threats to the Asian American community ramped up in 2016. She applied her risk management expertise to take on risks to people. For her leadership in MITRE’s award-winning Asian and Pacific Islander Business Resource Group, she earned recognition from the Society of Asian Scientists and Engineers.<
WHAT'S NEXT
ATT&CKcon 5.0: Not Your Average Conference
Close to 5,000 cyber professionals gathered in person and virtually for ATT&CKcon 5.0., Oct. 22-23.
A top goal: Leveraging the power of the globally accessible knowledge base of adversary behaviors based on real-world observations.
On the agenda: “Confessions of an Ex-FBI Profiler,” Human-Assisted Intelligent Agents, and more.
Building momentum: We plan to build on MITRE ATT&CK®’s 10-year legacy of impact in cybersecurity for decades to come. Short for Adversarial Tactics, Techniques, and Common Knowledge, ATT&CK is a cyber community driven by and for cyber defenders.
PIN DROP
25 Years, 240K Software Flaws Exposed
The history: A small MITRE team began categorizing cybersecurity weaknesses and vulnerabilities in 1999. The team created an invaluable open database that would become Common Vulnerabilities and Exposures, better known as CVE®.
Zooming in: CVE’s global, community-based effort works together to make identifying, finding, and fixing software product vulnerabilities faster and more efficient.
Zooming out: CVE records of vulnerabilities grew incrementally year by year—from 321 in 1999 to more than 240,000 in 2024. The collaborative program is foundational to breakthrough cyber work.
CYBER IMPACT
A 24/7 Security Detail
Attackers never rest, and neither do we. In cybersecurity awareness month, we released our enhanced EMB3D™ Threat Model, with new models and new mitigation techniques. SecurityWeek and Industrial Cyber, among other outlets, took notice.
What’s the big deal? Far from your typical software update, the model now includes essential mitigations and security mechanisms to address cyber threats to embedded devices. Think: behind-the-scenes critical infrastructure such as energy, water, and transportation, along with healthcare, advanced manufacturing, and more.
Why it matters: “With the release of EMB3D’s mitigations, we are not only addressing an industry challenge but also empowering stakeholders to adopt a proactive approach to security,” said Yosry Barsoum, MITRE vice president and director for the Center for Securing the Homeland.
AI IMPACT
The Power of Sharing
Everyone’s talking about AI—the good, the bad, and the ugly. One thing is sure: the threats AI-enabled systems will inevitably encounter. But there’s value in those threats. And that’s where the AI Incident Sharing initiative comes in.
MITRE’s Center for Threat-Informed Defense collaborated with over a dozen companies to launch the initiative.
The goal: “To improve the collective awareness of threats, and ultimately defense of AI-enabled systems, by enabling the rapid and protected sharing of information about attacks or accidents that involved AI-enabled systems.”
Built around the public ATLAS™ knowledge base, the initiative adds new generative AI-focused case studies and attack techniques, as well as novel methods to mitigate attacks.
In good company: Cross-industry collaborators include AttackIQ, BlueRock, Booz Allen Hamilton, CATO Networks, Citigroup, Cloud Security Alliance, CrowdStrike, FS-ISAC, Fujitsu, HCA Healthcare, HiddenLayer, Intel, JPMorgan Chase Bank, Microsoft, Standard Chartered, and Verizon Business.
The takeaway: “Standardized and rapid information sharing about incidents will allow the entire community to improve the collective defense of such systems and mitigate external harms,” said Douglas Robbins, vice president, MITRE Labs.
AVIATION IMPACT
Skyward Security
All systems go: The systems aboard an aircraft present a vast attack surface for cyber adversaries. Our Resilient Cyber Aerospace Testbed, also known as the RCAT Laboratory, brings avionics—the essential on-board electronic control systems—and cybersecurity together to pressure-test real and potential attack scenarios.
Heads up: RCAT provides the U.S. Air Force and commercial aviation collaborators access to hands-on demos, experimentation, and training so pilots recognize cyber intrusions and GPS spoofing (fake position data) when they see it.
Ready for take-off: The lab has cockpit simulators, integrated avionics components for communications, navigation, surveillance/Air Traffic Management, flight management, and bus (a collection of signals) interface and testing.
The need for speed: “We give pilots tools to see and mitigate cyber threats—at a lower cost, and without adding a lot of weight,” says Jeff Higginson, Ph.D., who leads the RCAT Lab. “And these capabilities can get in the field quickly, not in a lengthy acquisition cycle.”
HEALTH IMPACT
RISE to the Challenge
Powering the health-scape: MITRE’s been linking health and technology for decades. That makes us a natural fit to partner with health tech startups to drive innovative health IT solutions—and to widen the innovation landscape.
Our Reaching Innovators Through Startup Elevation, known as RISE, supports tech founders of color in developing innovative tech solutions. The six-month cohort program offers hands-on mentorship, access to cutting-edge resources and tools, and a broad network of technology experts.
Why it matters: Today’s global health challenges require fresh ideas from the best and brightest minds. RISE empowers diverse founders, drives better health outcomes, and fosters a more inclusive innovation ecosystem.
From the source: Sheena Gill, president and CEO of CognitiveCare Americas, says, “MITRE provides the interdisciplinary mentorship necessary to nurture every aspect—be it research and innovation, revenue generation, or navigating the complexities of the regulatory landscape.”
To do: Check out the application for the 2025 cohort before the Oct. 31 deadline!
WE’RE HIRING
Join our talent community of innovators, learners, knowledge-sharers, and risk-takers. Check out opportunities to amplify your impact for public good.
READ ON
National Cyber Feed Implementation Recommendations
MITRE Federal AI Sandbox to Train AI Models for Weather Prediction, Cybersecurity, Benefits Processing
Seeking Artificial Intelligence Futures Intern
Prepare for the Next Pandemic by Activating These Early Warning Systems
MITRE Licenses HAZMAT Auxiliary Unit Drone Technology to Detectix, Further Enhancing First Responder Safety