
Session 3.4d: Update - ATT&CK & D3FEND. A common language to understand threat actors and disrupt the kill chain

Tracks
Thursday, November 20, 2025
11:30 AM - 12:30 PM
Nicholls Theatre

Details

This presentation is designed for everyone. Whether you are a complete beginner struggling with technology, a seasoned cybersecurity professional or a decision-maker, it offers insights and practical tools. In the ever-evolving realm of IT/OT cybersecurity, understanding and mitigating exploitable vulnerabilities and threats proactively is the only path forward. MITRE's ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) and D3FEND (Detection, Denial, and Disruption Framework Empowering Network Defence) frameworks provide an evolving approach to comprehending and counteracting the Tactics, Techniques and Procedures (TTPs) employed by threat actors. Although relatively new, these frameworks serve as a shared language for both offensive and defensive strategies, helping to map and understand the threat surface and to protect Defence systems and data assets. ATT&CK has had such impact that the Cybersecurity and Infrastructure Security Agency (CISA) uses it in its threat reports “Scattered Spider” and “PRC State-Sponsored Actors Compromise and Maintain Persistent Access to US Critical Infrastructure”, both co-authored with ASD's ACSC; the reports describe how the threat actors gain and keep access in terms of ATT&CK TTPs. A major difference from other frameworks is that ATT&CK and D3FEND grow constantly with input from the cybersecurity community: managed by MITRE, both are extended with new attacker TTPs observed by practitioners on the front line everywhere.

Securing Defence information systems

The fast pace of change in cybersecurity can be overwhelming for anyone trying to keep up to date. The ATT&CK and D3FEND frameworks serve as a knowledge base of what is actually happening in the field: they catalogue attacker TTPs and defender countermeasures, the weaknesses attackers exploit and how to detect and mitigate them, within a clear taxonomy of how breaches occur.

ATT&CK makes it possible to single out the TTPs of Advanced Persistent Threat (APT) groups that attack specific industries, such as the Defence Industrial Base. By understanding these TTPs, professionals can proactively prioritise security measures to secure Defence information systems and data assets. ATT&CK has three matrices:
• Enterprise matrix covering Windows, macOS, Linux, PRE, Office Suite, Identity Provider, SaaS, IaaS, Network Devices, Containers and ESXi;
• ICS matrix for Industrial Control Systems;
• Mobile matrix for Android and iOS.
In tandem, D3FEND (funded by the NSA) complements ATT&CK by focusing on the defender's techniques. It is a knowledge graph of cybersecurity countermeasures mapped to the ATT&CK TTPs they counter. The emphasis is on a secure-by-design threat surface that not only detects threats but also prevents and responds to attacks effectively.

The threat ahead

Looking forward, the cybersecurity landscape will undoubtedly continue to evolve, driven by advances in technology and changes in attackers' TTPs. It is vital to understand the IT/OT threat surface and to be able to communicate it, visually and verbally, between stakeholders across the One Defence Capability System (ODCS). This dual-framework approach ensures the Defence Information Environment is not merely reactive but is also equipped to anticipate and neutralise threats before they manifest as breaches or, worse, loss of capability when our warfighters need it most.
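The abstract describes the workflow the frameworks enable: pick out which ATT&CK techniques the intrusion sets targeting your sector actually use, rank them, and look up defensive countermeasures for the ones that matter most. The script below is an added example written for this page, not code from the speaker, QinetiQ or MITRE. It reads a bundle in the STIX 2.1 layout in which MITRE publishes ATT&CK (attack-pattern, intrusion-set and "uses" relationship objects, with the technique ID carried in an external_references entry whose source_name is "mitre-attack"), skips objects that ATT&CK has marked revoked or deprecated, and ranks techniques by how many live groups use them. The bundle itself is a hand-constructed sample (fictional object IDs, real T-numbers), and the D3FEND mapping table is an illustrative assumption standing in for a lookup against the real D3FEND knowledge graph.

```python
"""Rank ATT&CK techniques across intrusion sets and look up candidate D3FEND
countermeasures. Added example; the bundle and the D3FEND table are constructed
samples, not MITRE's published data."""
from collections import Counter

# Constructed sample bundle in ATT&CK's STIX 2.1 layout. Object IDs are
# fictional; the T-numbers are real ATT&CK technique IDs.
SAMPLE_BUNDLE = {
    "type": "bundle",
    "objects": [
        {"type": "intrusion-set", "id": "intrusion-set--g1", "name": "Sample Group A"},
        {"type": "intrusion-set", "id": "intrusion-set--g2", "name": "Sample Group B"},
        # ATT&CK retires objects by flagging them rather than deleting them.
        {"type": "intrusion-set", "id": "intrusion-set--g3", "name": "Sample Group C",
         "revoked": True},
        {"type": "attack-pattern", "id": "attack-pattern--t1", "name": "Phishing",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566"}]},
        {"type": "attack-pattern", "id": "attack-pattern--t2", "name": "Valid Accounts",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}]},
        {"type": "attack-pattern", "id": "attack-pattern--t3",
         "name": "Command and Scripting Interpreter",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059"}]},
        {"type": "attack-pattern", "id": "attack-pattern--t4", "name": "Remote Services",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1021"}]},
        {"type": "relationship", "id": "relationship--r1", "relationship_type": "uses",
         "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--t1"},
        {"type": "relationship", "id": "relationship--r2", "relationship_type": "uses",
         "source_ref": "intrusion-set--g1", "target_ref": "attack-pattern--t2"},
        {"type": "relationship", "id": "relationship--r3", "relationship_type": "uses",
         "source_ref": "intrusion-set--g2", "target_ref": "attack-pattern--t2"},
        {"type": "relationship", "id": "relationship--r4", "relationship_type": "uses",
         "source_ref": "intrusion-set--g2", "target_ref": "attack-pattern--t3"},
        # Only the revoked group uses T1021, so it must drop out of the ranking.
        {"type": "relationship", "id": "relationship--r5", "relationship_type": "uses",
         "source_ref": "intrusion-set--g3", "target_ref": "attack-pattern--t4"},
    ],
}

# Assumption: illustrative countermeasure names per technique. The real answer
# comes from querying the D3FEND knowledge graph, not from a hard-coded table.
SAMPLE_D3FEND_MAP = {
    "T1566": ["Message Analysis", "Sender Reputation Analysis"],
    "T1078": ["Multi-factor Authentication", "Credential Hardening"],
    "T1059": ["Process Analysis", "Executable Denylisting"],
}


def is_live(obj):
    """ATT&CK marks retired objects with 'revoked' or 'x_mitre_deprecated'."""
    return not (obj.get("revoked") or obj.get("x_mitre_deprecated"))


def attack_id(obj):
    """Return the ATT&CK external ID (e.g. T1566) from external_references, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def techniques_by_group(bundle):
    """Map each live intrusion-set name to the set of technique IDs it uses."""
    objs = {o["id"]: o for o in bundle["objects"] if is_live(o)}
    result = {}
    for rel in bundle["objects"]:
        if rel.get("type") != "relationship" or rel.get("relationship_type") != "uses":
            continue
        if not is_live(rel):
            continue
        src, dst = objs.get(rel["source_ref"]), objs.get(rel["target_ref"])
        if src is None or dst is None:  # dangling reference or retired endpoint
            continue
        if src["type"] != "intrusion-set" or dst["type"] != "attack-pattern":
            continue
        tid = attack_id(dst)
        if tid:
            result.setdefault(src["name"], set()).add(tid)
    return result


def rank_techniques(bundle):
    """Techniques ordered by number of live groups using them, then by ID."""
    counts = Counter(t for ts in techniques_by_group(bundle).values() for t in ts)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def countermeasures_for(technique_ids, mapping=SAMPLE_D3FEND_MAP):
    """Look up candidate countermeasures; an empty list flags a gap to research."""
    return {t: mapping.get(t, []) for t in technique_ids}


if __name__ == "__main__":
    for tid, n in rank_techniques(SAMPLE_BUNDLE):
        print(tid, n, countermeasures_for([tid])[tid])
```

Against the real ATT&CK STIX bundle the same functions work unchanged; the only practical additions are filtering the intrusion sets to those whose descriptions or campaigns name the sector of interest, and replacing the sample table with a query of the D3FEND graph.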


Speaker

Mr Nico Riquelme-Ramirez
Cybersecurity consultant
QinetiQ

Biography

Meet Nico, a dedicated explorer in the dynamic fields of technology, engineering and critical thinking. With a career rooted in Defence, Nico has led projects ranging from radar deployment across Australia to navigating the complexities of Information Warfare. Now with QinetiQ, Nico is leveraging expertise in Cyber and Information Security to help clients safeguard their critical assets and people. Before pursuing a Master's in Project Management at ANU, Nico played a key role at Seeing Machines, where he helped develop advanced driver and occupant monitoring systems designed to keep roads safer. Nico’s career also spans global experience with Procter & Gamble, where his Industrial Engineering acumen ensured the safe and efficient production of diapers… millions of them.