Overview: This session offers practical tools for everyone, from beginners to seasoned information security professionals. By understanding and utilising MITRE's ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) and D3FEND (Detection, Denial, and Disruption Framework Empowering Network Defence) frameworks, participants will gain insights into securing systems using a risk-based and holistic approach to cyber exposure in both Information Technology (IT) and Operational Technology (OT).
Context: In the ever-evolving realm of IT/OT cybersecurity, threats advance faster than organisations can keep up. The ATT&CK+D3FEND frameworks provide an effective approach to understanding and counteracting the Tactics, Techniques, and Procedures (TTPs) used by threat actors. These frameworks are enablers for managing and mitigating security risks in modern technical and socio-technical systems.
Purpose: The presentation shows how ATT&CK+D3FEND offer a common language for describing current offensive and defensive TTPs. This enables participants to assess current systems and to inform the development of secure-by-design systems. By mapping and understanding the threat surface, participants will be able to determine how to secure systems and data assets effectively, taking the risk exposure involved into account.
Approach: The session will use real-world examples of the ATT&CK+D3FEND frameworks to demonstrate their application. The Cybersecurity and Infrastructure Security Agency (CISA) published a report explaining how to defend against Volt Typhoon, a Chinese state-sponsored hacker group. This report, co-authored by the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC), details how Volt Typhoon accessed US critical infrastructure over the past five years.
Insights: Participants will learn how to leverage ATT&CK+D3FEND to identify TTPs related to Advanced Persistent Threat (APT) groups targeting specific industries, and how to detect and mitigate these TTPs. This knowledge is crucial for enhancing systems security and risk mitigation when designing and testing systems in the current threat environment. The dual-framework approach of ATT&CK+D3FEND improves the chances of preventing breaches, as it is not a matter of IF, but WHEN.