Who is MITRE?

NOTE: This article has been translated into English from the original Medium article in Chinese and expanded upon.

Upon hearing about CyCraft’s participation in the MITRE ATT&CK® APT29 Evaluations, many organizations in Asia were not only confused as to who the MITRE organization is but were also unsure how to pronounce “MITRE” (transliterated in Chinese as 埋特).

FFRDC?

In short, MITRE is a not-for-profit organization based in Bedford, Massachusetts (US) and McLean, Virginia (US). MITRE operates federally funded research and development centers (FFRDCs) to assist the United States government with scientific research, development, and systems engineering.

FFRDCs currently operated by MITRE include:


Cold War Origins

At the height of the Cold War between the U.S. and the U.S.S.R., MITRE was formed in 1958 to provide guidance over the construction of the U.S. Air Force Semi-Automatic Ground Environment (SAGE) air defense system. SAGE was a system of computers and networking equipment tasked with coordinating data from multiple radar sites and producing a single unified image of the airspace; the project’s deployment cost exceeded that of the Manhattan Project, the R&D project that led to the first nuclear weapon.

SAGE would direct the North American Air Defense Command (NORAD) response to an air attack from Soviet Russia. A SAGE operator would use their light gun to select targets on their radar screen for further information, contact the defense resources in that area, and issue commands to attack.

(Source: https://www.wired.com/2013/09/ibm-sage/) SAGE operator using the light gun.


FUN FACT: SAGE consoles came with built-in cigarette lighters and ashtrays located in the bottom left-hand corner.

Most of the early employees of MITRE came from Lincoln Labs at the Massachusetts Institute of Technology (MIT), where SAGE was being developed, which is why MITRE is based in Bedford, Massachusetts, a 30-minute drive from MIT.

Cyber Projects

In addition to operating the National Cybersecurity FFRDC, which is sponsored by the U.S. National Institute of Standards and Technology (NIST), MITRE also operates the Common Weakness Enumeration (CWE) project as well as the Common Vulnerabilities and Exposures (CVE) system. Since 1999, MITRE has functioned as the editor and primary CNA of the CVE system, the industry standard for vulnerability and exposure names.

In response to the ongoing rise of cyberattacks, MITRE released the MITRE ATT&CK framework in 2015. ATT&CK is a globally-accessible, living framework of observed and known adversarial tactics, techniques, and procedures (TTP) used by advanced persistent threats (APTs) and other cybercriminals in the wild. ATT&CK is also working to standardize the often chaotic naming of threat groups whose attack techniques the framework is derived from.

ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. The framework is a matrix of intrusion techniques categorized into 12 different tactics.

As of May 2020, ATT&CK has four main matrices: PRE-ATT&CK, Enterprise, Mobile, and its most recent addition, ICS. The Enterprise ATT&CK matrix, the most commonly referenced matrix, combines four separate matrices: Windows, macOS, Linux, and Cloud.

Since its release in 2015, ATT&CK has become one of the most referenced and most respected resources in cybersecurity. The Enterprise ATT&CK matrix currently lists 226 unique adversarial techniques from the shell scripts .bash_profile and .bashrc to XSL Script Processing.

MITRE ATT&CK Evaluations

In 2018, MITRE ATT&CK launched the first round of the MITRE ATT&CK Evaluations in an effort to enable better communication between red teams, defenders, and management. Vendors of cybersecurity solutions have been using ATT&CK to measure and tune their capabilities; however, there was no neutral authority to transparently evaluate these solutions, until ATT&CK.

What makes the MITRE ATT&CK Evaluations appealing for testing is that they are based on known threat actor activity rather than just the hypothetical. ATT&CK emulates a known APT and tests a vendor’s capability to detect adversarial techniques and tactics as defined by the ATT&CK matrix.

(Source: https://attack.mitre.org/resources/attackcon/) Industry professionals from 19 countries and 135 organizations attended ATT&CKcon 2.0 in October 2019.


MITRE Engenuity?

As of 2020, MITRE Engenuity, an independent nonprofit organization, will be managing the oversight of the MITRE ATT&CK Evaluations program.

Your MITRE ATT&CK Reading List
1. Introduction | What is MITRE ATT&CK?
2. Behind the Curtain | Who is MITRE?
3. ATT&CK Evaluations Round 2: APT29 | CyCraft Enters Round 2
4. ATT&CK Evaluations Round 2: APT29 | Complete Guide to Understanding Results
5. ATT&CK Evaluations Round 2: APT29 | CyCraft Results
6. ATT&CK Evaluations Round 3: FIN7 and Carbanak | CyCraft Enters Round 3

CyCraft at the MITRE ATT&CK Evaluations

CyCraft joined the second round of evaluations against APT29. CyCraft is the first Taiwanese cybersecurity firm to participate in the ATT&CK Evaluations as well as the youngest firm to ever participate. You can view our results against the APT29 Evaluation.

When you join CyCraft, you will be in good company. CyCraft secures government agencies, Fortune Global 500 firms, top banks and financial institutions, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs.

We power SOCs with our proprietary and award-winning AI-driven MDR (managed detection and response), SOC (security operations center) operations software, TI (threat intelligence), Health Check, automated forensics, and IR (incident response), and Secure From Home services.

Writer: CyCraft

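About CyCraft

CyCraft Technology is a cybersecurity technology company focused on AI automation, founded in 2017. Headquartered in Taiwan, it has subsidiaries in Japan and Singapore. It provides professional cybersecurity services to government agencies, police and defense organizations, banks, and high-tech manufacturers in the Asia-Pacific region. It is strongly backed by The CID Group and by Pavilion Capital, a Temasek Holdings company, and has received multiple recognitions from the leading international research firms Gartner, IDC, and Frost & Sullivan, as well as numerous awards at home and abroad. It is also a member and partner of several multinational cybersecurity organizations and of Taiwan's cybersecurity community, and has long been committed to the development of the cybersecurity industry.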