Who is MITRE?
NOTE: This article has been translated into English from the original Medium article in Chinese and added upon.
Upon hearing about CyCraft’s participation in the MITRE ATT&CK® APT29 Evaluations, many organizations in Asia were not only confused as to who the MITRE organization is but were also unsure how to pronounce “MITRE”. (Transliterated in Chinese as 埋特).
FFRDC?
In short, MITRE is a not-for-profit organization based in Bedford, Massachusetts (US) and McLean, Virginia (US). MITRE operates federally funded research and development centers (FFRDCs) to assist the United States government with scientific research, development, and systems engineering.
FFRDCs currently operated by MITRE include:
- The National Security Engineering Center: sponsored by the U.S. Department of Defense; founded in 1958
- The Center for Advanced Aviation System Development: sponsored by the U.S. Federal Aviation Administration; founded in 1990
- The Center for Enterprise Modernization: sponsored by the U.S. Internal Revenue Service and co-sponsored by the U.S. Department of Veterans Affairs; founded in 1998
- The Homeland Security Systems Engineering and Development Institute: sponsored by the U.S. Department of Homeland Security; founded in 2009
- The Judiciary Engineering and Modernization Center: sponsored by the Administrative Office of the U.S. Courts on behalf of the Federal Judiciary; founded in 2010
- The CMS Alliance to Modernize Healthcare: sponsored by the U.S. Centers for Medicare and Medicaid Services; founded in 2012
- The National Cybersecurity FFRDC: sponsored by the U.S. National Institute of Standards and Technology; founded in 2014
Cold War Origins
At the height of the Cold War between the U.S. and the U.S.S.R., MITRE was formed in 1958 to provide guidance over the construction of the U.S. Air Force Semi-Automatic Ground Environment (SAGE) air defense system. SAGE was a system of computers and networking equipment tasked with coordinating data from multiple radar sites and producing a single unified image of the airspace; the project’s deployment cost exceeded the Manhattan Project — the R&D project that led to the first nuclear weapon.
SAGE would direct the North American Air Defense Command (NORAD) response to an air attack from Soviet Russia. A SAGE operator would use their light gun to select targets on their radar screen for further information, contact the defense resources in that area, and issue commands to attack.
FUN FACT: SAGE consoles came with built-in cigarette lighters and ashtrays located in the bottom left-hand corner.
Most of the early employees of MITRE came from Lincoln Labs at the Massachusetts Institute of Technology (MIT), where SAGE was being developed; hence, MITRE being based in Bedford, Massachusetts — a 30-minute drive from MIT.
Cyber Projects
In addition to operating The National Cybersecurity FFRDC, which is sponsored by the U.S. National Institute of Standards and Technology (NIST), MITRE also operates the Common Weakness Enumeration (CWE) project as well as the Common Vulnerabilities and Exposures (CVE) system. Since 1999, MITRE has functioned as the editor and primary CNA (CVE Numbering Authority) of the CVE system — the industry standard for vulnerability and exposure names.
In response to the ongoing rise of cyberattacks, MITRE released the MITRE ATT&CK framework in 2015. ATT&CK is a globally accessible, living framework of observed and known adversarial tactics, techniques, and procedures (TTPs) used by advanced persistent threats (APTs) and other cybercriminals in the wild. ATT&CK is also working to standardize the often chaotic naming of the threat groups from whose observed behavior the framework's techniques are derived.
ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. The framework is a matrix of intrusion techniques categorized into 12 different tactics.
As of May 2020, ATT&CK currently has four main matrices: PRE-ATT&CK, Enterprise, Mobile, and its most recent addition, ICS. The Enterprise ATT&CK matrix, the most commonly referenced matrix, combines four separate matrices: Windows, macOS, Linux, and Cloud.
Since its release in 2015, ATT&CK has become one of the most referenced and most respected resources in cybersecurity. The Enterprise ATT&CK matrix currently lists 226 unique adversarial techniques, ranging alphabetically from .bash_profile and .bashrc (shell startup scripts) to XSL Script Processing.
MITRE ATT&CK Evaluations
In 2018, MITRE launched the first round of the MITRE ATT&CK Evaluations in an effort to enable better communication between red teams, defenders, and management. Vendors of cybersecurity solutions had been using ATT&CK to measure and tune their capabilities; however, there was no neutral authority to transparently evaluate these solutions until the ATT&CK Evaluations.
What makes the MITRE ATT&CK Evaluations appealing for testing is that they are based on known threat actor activity rather than hypothetical scenarios. Each round emulates a known APT and tests a vendor's capability to detect the adversarial techniques and tactics, as defined by the ATT&CK matrix, that the emulation exercises.
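As an added illustration (not code from the article, CyCraft, or MITRE) of how an evaluation's per-step detections roll up onto the matrix described above: the technique IDs and tactic placements below are a constructed subset recalled from the public Enterprise matrix (verify against attack.mitre.org before reuse), and the emulation steps are made up, not the APT29 round's actual steps. The edge case it handles is a technique that sits under several tactics, so one missed step lowers coverage in every tactic it belongs to.

```python
# The 12 Enterprise tactics the article refers to (ATT&CK as of 2020).
TACTICS = [
    "Initial Access", "Execution", "Persistence", "Privilege Escalation",
    "Defense Evasion", "Credential Access", "Discovery", "Lateral Movement",
    "Collection", "Command and Control", "Exfiltration", "Impact",
]

# Constructed subset of the matrix: technique ID -> (name, tactics it falls under).
# Placements are illustrative; a technique may appear in more than one column.
MATRIX = {
    "T1566": ("Phishing", ["Initial Access"]),
    "T1059": ("Command and Scripting Interpreter", ["Execution"]),
    "T1053": ("Scheduled Task/Job", ["Execution", "Persistence", "Privilege Escalation"]),
    "T1220": ("XSL Script Processing", ["Defense Evasion", "Execution"]),
    "T1003": ("OS Credential Dumping", ["Credential Access"]),
    "T1021": ("Remote Services", ["Lateral Movement"]),
}

# Constructed emulation log: one technique per step, plus whether the product
# produced a detection for it. "T9999" is a deliberately unknown ID.
EMULATION_STEPS = [
    {"step": "1.A", "technique": "T1566", "detected": True},
    {"step": "2.A", "technique": "T1059", "detected": True},
    {"step": "3.A", "technique": "T1053", "detected": False},
    {"step": "4.A", "technique": "T1220", "detected": True},
    {"step": "5.A", "technique": "T1003", "detected": False},
    {"step": "6.A", "technique": "T1021", "detected": True},
    {"step": "7.A", "technique": "T9999", "detected": True},
]


def tactic_coverage(matrix, steps):
    """Return ({tactic: (detected_steps, total_steps)}, [unmapped technique IDs]).

    A step is credited to every tactic its technique belongs to, so the missed
    Scheduled Task step above counts against Execution, Persistence and
    Privilege Escalation at once. Unknown IDs are reported, never silently dropped.
    """
    counts = {tactic: [0, 0] for tactic in TACTICS}
    unmapped = []
    for step in steps:
        entry = matrix.get(step["technique"])
        if entry is None:
            unmapped.append(step["technique"])
            continue
        for tactic in entry[1]:
            counts[tactic][1] += 1
            counts[tactic][0] += int(step["detected"])
    return {t: tuple(c) for t, c in counts.items()}, unmapped


def blind_tactics(coverage):
    """Tactics that were exercised by at least one step but never detected."""
    return [t for t in TACTICS if coverage[t][1] > 0 and coverage[t][0] == 0]
```

Tactics that were never exercised (0 of 0) are distinct from tactics that were exercised and missed; only the latter are real blind spots in the emulated adversary's playbook.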
MITRE Engenuity?
As of 2020, MITRE Engenuity, an independent nonprofit organization, will be managing the oversight of the MITRE ATT&CK Evaluations program.
Your MITRE ATT&CK Reading List
1. Introduction | What is MITRE ATT&CK?
2. Behind the Curtain | Who is MITRE?
3. ATT&CK Evaluations Round 2: APT29 | CyCraft Enters Round 2
4. ATT&CK Evaluations Round 2: APT29 | Complete Guide to Understanding Results
5. ATT&CK Evaluations Round 2: APT29 | CyCraft Results
6. ATT&CK Evaluations Round 3: FIN7 and Carbanak | CyCraft Enters Round 3
CyCraft at the MITRE ATT&CK Evaluations
CyCraft joined the second round of evaluations against APT29. CyCraft is the first Taiwanese cybersecurity firm to participate in the ATT&CK Evaluations as well as the youngest firm ever to participate. You can view our results against the APT29 Evaluation.
Follow Us
When you join CyCraft, you will be in good company. CyCraft secures government agencies, Fortune Global 500 firms, top banks and financial institutions, critical infrastructure, airlines, telecommunications, hi-tech firms, and SMEs.
We power SOCs with our proprietary and award-winning AI-driven MDR (managed detection and response), SOC (security operations center) operations software, TI (threat intelligence), Health Check, automated forensics, IR (incident response), and Secure From Home services.
Additional Related Resources
- CyCraft CEO, Benson Wu, and CyCraft Global Project Manager, Chad Duffy, speak on the latest MITRE ATT&CK Evaluations. Read their thoughts on our results and the philosophy powering CyCraft.
- Learn how we detected and defeated a foreign APT targeting Taiwan’s high-tech ecosystem. Read our full analysis and malware reversal.
- Has your organization recently shifted to a Work From Home environment? Learn how to receive three free months of our Secure From Home service.
- Our Enterprise Health Check drops your mean dwell time down from 197 days to under 1 day without false positives or false negatives. Know with confidence if hackers have penetrated your enterprise.