Session 3.4b Update: Threat-Informed Defences for Information Technology (IT) / Operational Technology (OT) with ATT&CK and D3FEND
Thursday, November 14, 2024 | 11:30 AM - 12:30 PM | Bradman Theatre
Details
This presentation is designed for everyone. Whether you are a complete beginner struggling with technology, a seasoned cybersecurity professional, or a decision-maker, this presentation has insights and practical tools for everyone.
In the ever-evolving realm of IT/OT cybersecurity, proactively understanding and mitigating exploitable vulnerabilities and threats is the only path forward. MITRE's ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) and D3FEND (Detection, Denial, and Disruption Framework Empowering Network Defence) frameworks provide an evolving approach to understanding and counteracting the Tactics, Techniques, and Procedures (TTPs) employed by threat actors.
Although relatively new, these cybersecurity frameworks serve as a shared language guiding both offensive and defensive strategies, allowing practitioners to fully map and understand the threat surface and protect Defence systems and data assets.
ATT&CK has had such impact that it is officially used by the Cybersecurity and Infrastructure Security Agency (CISA) in its threat report "PRC State-Sponsored Actors Compromise and Maintain Persistent Access to US Critical Infrastructure", which was co-authored by ASD and ACSC. Using ATT&CK, the report explained and mapped the living-off-the-land (LOTL) TTPs of Volt Typhoon, which were used to gain access to US critical infrastructure over the last five years.
A major difference from other frameworks is that ATT&CK and D3FEND are constantly growing with input from the cybersecurity community. Managed by MITRE, both frameworks grow by adding new attacker TTPs witnessed by front-line practitioners everywhere.
Securing Defence Information Systems
The fast pace of change in cybersecurity can be overwhelming for those who try to keep up to date. The ATT&CK/D3FEND frameworks serve as a knowledge base of what is actually happening in the field. They catalogue attacker and defender TTPs, the common vulnerabilities attackers exploit, and how to detect and mitigate them, while providing a clear taxonomy of how such breaches can occur. ATT&CK makes it possible to single out the TTPs of Advanced Persistent Threat (APT) groups that attack specific industries, such as the Defence Industrial Base. By understanding these TTPs, professionals can proactively prioritise security measures to secure Defence information systems and data assets.
ATT&CK has four matrices:
- Enterprise matrix for Windows, Linux, and macOS;
- ICS matrix for Industrial Control Systems;
- Enterprise cloud matrix for Azure AD, Office365, Google Workspace, SaaS, IaaS, Network, and Containers; and
- Mobile matrix for Android & iOS.
Speaker
Mr Nico Riquelme-Ramirez
Information Security Consultant
QinetiQ Australia
Biography
• Meet Nico, a passionate learner and explorer in the realms of technology, engineering, science, and critical thinking. His journey has been marked by diverse experiences, from consulting in Defence deploying Radars across Australia to venturing into the intricate world of Information Warfare. Currently with QinetiQ Australia, Nico is helping clients improve their Information Security.
• Before embarking on a Master's degree in Project Management at ANU, Nico worked at Seeing Machines, developing cutting-edge driver and occupant monitoring systems to ensure safe journeys home.
• He gained global exposure with Procter & Gamble, where he applied his Industrial Engineering skills to the safe and reliable production of diapers, millions of them.