DHS's Science and Technology Directorate's Next Generation Cyber Infrastructure Apex program seeks to harden critical systems and networks. MITRE’s Homeland Security Systems Engineering and Development Institute teamed up with DHS to support this effort.
MITRE’s Homeland Security Systems Engineering and Development Institute™ (HSSEDI) federally funded research and development center and the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) teamed up to tackle one of the many cyber challenges facing our nation’s critical infrastructure sectors, enabling these essential entities to operate effectively even in the face of sophisticated, targeted cyberattacks.
S&T’s Next Generation Cyber Infrastructure (NGCI) Apex program seeks to provide technologies and tools that will harden critical systems and networks. The U.S. critical infrastructure (CI) sectors have an immediate need for technologies that can adequately detect, defend, protect, restore and respond to sophisticated cyber-threats. The Cyber Apex program identifies, develops, tests, evaluates and deploys cutting-edge technologies to deter cyber attacks against critical infrastructure sectors.
The HSSEDI project team developed a suite of cybersecurity artifacts for the CI Financial Services Sector (FSS), to include threat models identifying attacker methods (using MITRE’s ATT&CK and CAPEC knowledge bases) from the level of a single FSS institution up to FSS systems of systems, and a corresponding cyber wargaming framework linking technical and business views. This helped support NGCI Apex use cases and provide a common frame of reference for community interaction to supplement institution-specific threat models.
The team also assessed risk metrics and risk assessment frameworks, and developed representations depicting the interdependencies and data flows within the FSS. Although this work was done for the S&T Cyber Security Division for the FSS, the breadth and depth of the work has applicability to other CIs and organizations.
Publications in this collection include:
- Cyber Threat Modeling: Survey, Assessment, and Representative Framework
- Cyber Wargaming: Framework for Enhancing Cyber Wargaming with Realistic Business Context
- Advanced Cyber Risk Management: Threat Modeling & Cyber Wargaming Briefing
- Enhanced Cyber Threat Model for Financial Services Sector Institutions
- Enterprise Threat Model Technical Report-Cyber Threat Model for a Notional Financial Services Sector Institution
- System-of-Systems Threat Model
- Cyber Risk Metrics Survey, Assessment and Implementation Plan Report
- Cyber Risk Metrics Survey, Assessment and Implementation Plan Briefing
- Financial System Mapping
- Dynamic Data Map Technical Report
For guidance on how the publications connect to one another, please download the attached PDF.