Thinking Forward Archives

by Gary Gagnon
Former MITRE Senior Vice President and Chief Security Officer

Many organizations try to deal with cybersecurity threats by focusing inwardly. They conduct vulnerability assessments, make detailed network maps, and use robust patch management processes to continuously monitor their networks and systems.

Although this approach provides some benefits, against many cyber threats it's ineffective. Most corporate networks are so large and complex that it's simply too difficult to identify all of their assets, or all of their vulnerabilities, and patch them fast enough. Today's cyber wrongdoers are sophisticated, well-funded, and patient—they use a wide range of techniques to penetrate even well-protected enterprises.

Focus on the Opponent

Many organizations have begun to focus on the opponent instead. By better understanding their adversaries—their tendencies, techniques, tools, and intentions—organizations can bolster their threat-based defenses and improve their chances of preventing, detecting, and mitigating cyber intrusions.

Both approaches have merit. That's why MITRE advocates a balanced security posture that combines classic cyber defense with a new emphasis on gathering and sharing intelligence information about threat actors. With this innovative model, defenders become both intelligence collectors and producers. Organizations can share this cyber threat information to improve the security of everyone in the community.

Work Toward a Common Goal

To make collaborative cybersecurity a reality, organizations must become more comfortable with cyber threat information, both giving and taking it. Standards-based threat information repositories are an important first step. Standards will enable rapid communication about threats and automated responses to them. With secure data repositories, different organizations can share information within trusted groups and prevent adversaries from accessing the intelligence.

MITRE has developed partnerships with several communities that use these standards-based repositories, such as the Advanced Cyber Security Center in Massachusetts. Our ultimate goal is to enable the creation of additional communities and a federation of such groups to improve the nation's security.

We invite you to read the latest Thinking Forward.