MITRE Engenuity and the National Cybersecurity Strategy

Like so many cyber security professionals have done over the last week, I have been thinking deeply about the new National Cybersecurity Strategy and what it means to my team. And by my team, I mean the MITRE Engenuity team, and more specifically the Cyber Resiliency portfolio within. As the Managing Director of the Cyber Resiliency portfolio, I am fortunate enough to be a part of the team responsible for leading the Center for Threat-Informed Defense, ATT&CK® Evaluations, and MITRE ATT&CK Defender™. For those not familiar with our team, I offer the following descriptions of each:

• The Center for Threat-Informed Defense is comprised of industry leaders from around the globe with highly sophisticated security teams and is focused on deepening the global understanding of cyber adversarial behavior, advancing the field of threat-informed defense, and extending the reach of MITRE ATT&CK® framework through collaborative R&D.
• ATT&CK Evaluations (Evals) assesses the ability of commercially developed capabilities and services to defend against specified threat actors, simultaneously helping product developers deliver more secure defense solutions and their potential customers to make more informed procurement and implementation decisions.
• MITRE ATT&CK Defender (MAD) is a “living certification” program that promotes defenders to continuously update their knowledge and skill against the latest threats. MAD offers updated credentials when the threat landscape changes, helping certified defenders maintain an advantage over the adversary over time.

A deep review of the National Cybersecurity Strategy did not so much as give us reason to alter our trajectory as much as it validated the course we continue to steer. Given our mission, it is likely obvious as to why we found Strategic Objectives 1.2 and 4.6, as well as pillars three and four of primary interest.

• Strategic Objective 1.2: Scale Public-Private Collaboration
• Pillar Three: Shape Market Forces to Drive Security and Resiliency
• Pillar Four: Invest in a Resilient Future
• Strategic Objective 4.6: Develop a National Strategy to Strengthen our Cyber Workforce

With the added benefit of knowing just how well aligned our execution plan is, we are even more confident in our course and will increase speed.

The Center for Threat-Informed Defense, in partnership with our valued members and MITRE teammates will:

• More visibly demonstrate what is already strong alignment between R&D projects and the MITRE ATT&CK 2023 Roadmap,
• Further advance adversary threat emulation and test & evaluation, while also developing MITRE ENGAGE™ beyond a framework,
• Ensure risk-informed mission impact analysis benefits from threat-informed approaches, and
• Partner with members to exemplify the call for “The most capable and best-positioned actors in cyberspace (to be) better stewards of the digital ecosystem.”

Evals will be even more deliberate about conducting and publishing Evaluation results in a way that shows our commitment to:

• Drive the market in the direction toward security AND resiliency,
• Facilitate more market differentiation,
• More deliberately inform procurement decisions and enhance cyber security/resiliency across the public and private sectors, and
• Ensure the results are easily understood by big enterprise teams with lots of depth as well as those without resident expertise.

MITRE ATT&CK Defender will continue to:

• Expand our curriculum,
• Align our offerings to fill voids,
• Develop new ways of assessing real-world mastery of topics, and
• Create more ways to engage with under-served populations.

Though not specific to any one facet of the current MITRE Engenuity business, we are also committed to partnering with our MITRE teammates to build upon the Cyber Resiliency Engineering Framework (CREF) and the CREF Navigator™, as well as MITRE ATLAS™, Caldera™, ENGAGE™,and D3FEND™, as part of our quest to build resiliency into capabilities being developed across the private sector.

Strategies can be powerful. They can also serve as mere shelfware. The measure of any strategy is the action it inspires and the outcomes those actions deliver. The measure of any team is its ability to bring the strategy to life. MITRE Engenuity is committed to delivering desired outcomes in partnership with our government and industry teammates. We look forward to all opportunities to extend our reach, deepen our impact, and deliver aligned outcomes. We hope to see many of you at RSA Conference 2023 this year. Our MITRE team, including those working across the MITRE Engenuity portfolio, will be there along with Center members, MITRE ATT&CK professionals, and Evaluations participants. Please stop by MITRE booth #4438.

© 2023 MITRE Engenuity, LLC. Approved for Public Release. Document number ME0067