NSA Announces Release of Mitre D3FEND Cybersecurity Framework

The National Security Agency said it funded Mitre’s development of a knowledge base of cybersecurity measures against common techniques used by malicious hackers.

Mitre created the D3FEND model as a complement to its existing ATT&CK model, which serves as a knowledge base of cyber adversary behavior, the NSA said Tuesday.

While ATT&CK describes how malicious hackers typically operate, the D3FEND framework enumerates techniques that can reduce the success rate of attackers, the NSA said.

The agency said it expects D3FEND to enhance the cybersecurity of national security systems, the Department of Defense and the defense industrial base.

D3FEND defines a set of defensive techniques and outlines how they relate to offensive methods. The NSA and Mitre urged cybersecurity professionals across government, industry and academia to adopt the ATT&CK and D3FEND’s vocabulary for the sake of standardization.

According to the agency, a standard way of categorizing cyber behavior and defensive techniques will enable information sharing and collaboration.

Mitre is a nonprofit corporation that supports the national security community in cyber resilience, cyber threat sharing, artificial intelligence, data science, health informatics and space security.

In early June, the Cybersecurity and Infrastructure Security Agency published guidance for the effective use of ATT&CK.

The guide resulted from a partnership between CISA and the Homeland Security Systems Engineering and Development Institute, a federally funded research and development center operated by Mitre.

Mitre said the guide includes example uses and step-by-step instructions related to adversary threat levels, technology domains, ATT&CK mapping and the integration of raw data.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now