Page 44 - GCN, Oct/Nov 2016

that allows city departments, other states (through MS-ISAC) and federal partners to share intelligence and speed and coordinate responses.
The ISOC has bolstered Los Angeles' collaborative cyber defenses and situational awareness. In May, the city used the system to block more than 127 million cyberattacks and identify and remediate 14,189 pieces of malware.
GRAPPLING WITH HACKERS’ ACTIONS AFTER A BREACH
MITRE’s ATT&CK model helps agencies understand and respond to the inevitable network penetrations
Perimeter security is vital, but it has long since ceased to be sufficient for government systems. Cyber intruders will breach networks and often are able to navigate internally for months before being detected. And because attackers change their methods frequently, intrusions can be difficult to detect by traditional means.
MITRE, which operates multiple federally funded research and development centers (FFRDCs) and supports the Defense Department on a wide range of cybersecurity initiatives, has worked to close that knowledge gap. Its Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) behavioral model is the first detailed framework to describe the actions a malicious cyber actor takes once inside a network.
ATT&CK grew out of MITRE's previous cybersecurity research, particularly red team/blue team exercises. Officials realized that there are only so many variations in the ways adversaries behave once they've successfully breached a system.
Make that universe of options better understood, and defenders have a much better chance of mitigating a breach before too much damage is done.
Central to the project is a matrix of post-exploitation tactics and techniques. Organized into categories such as privilege escalation, lateral movement, defense evasion and exfiltration, the ATT&CK matrix provides a much-needed common frame of reference.
MITRE cultivated a community around ATT&CK to raise awareness and continue to refine the shared knowledge. As a constantly growing and freely available reference base, ATT&CK can help agencies deter and respond to breaches. They can also use the model to create a blueprint for monitoring and assessment, make decisions about cybersecurity investments and more easily share information thanks to a standardized vocabulary.
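The matrix earns its keep as a monitoring blueprint when the detections a security operations center already runs are tagged with the same tactic and technique names, so that gaps show up as empty rows rather than as surprises. The Python below is an added example, not code from MITRE, the city of Los Angeles or GCN: it labels a handful of constructed host events with ATT&CK tactics and techniques through illustrative rules, sorts the hits into an intrusion timeline, and reports which tactics the rule set covers at all. The technique IDs are the public ATT&CK identifiers; the rule names, event format and sample events are assumptions made for this example.

```python
"""Tag host events with ATT&CK-style tactic/technique labels and report which
tactics a rule set covers.  Added illustration, not MITRE's or GCN's code.
Technique IDs are those of the public ATT&CK knowledge base; the rule logic
and the sample events are constructed for this example."""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Tactic order only fixes the row order of the coverage report; hits are
# sorted by timestamp so the output reads as a timeline of the intrusion.
TACTICS = ["privilege escalation", "defense evasion", "credential access",
           "lateral movement", "exfiltration"]

Event = Dict[str, object]


@dataclass
class Rule:
    name: str
    tactic: str
    technique_id: str
    technique: str
    match: Callable[[Event], bool]


def _cmd(ev: Event) -> str:
    """Lower-cased command line, or '' when the event has none."""
    return str(ev.get("cmdline", "")).lower()


# Constructed rules: each maps one observable to one ATT&CK technique.
RULES: List[Rule] = [
    Rule("lsass-access", "credential access", "T1003", "OS Credential Dumping",
         lambda ev: ev.get("type") == "process_access"
         and str(ev.get("target", "")).lower() == "lsass.exe"),
    Rule("psexec-service", "lateral movement", "T1021", "Remote Services",
         lambda ev: ev.get("type") == "service_install"
         and "psexesvc" in str(ev.get("service", "")).lower()),
    Rule("clear-eventlog", "defense evasion", "T1070", "Indicator Removal",
         lambda ev: ev.get("type") == "process_create"
         and _cmd(ev).startswith("wevtutil") and " cl " in _cmd(ev)),
    Rule("large-outbound", "exfiltration", "T1041", "Exfiltration Over C2 Channel",
         lambda ev: ev.get("type") == "netflow" and ev.get("direction") == "out"
         and int(ev.get("bytes", 0)) > 50_000_000),
]

# Constructed sample events (not real telemetry), deliberately out of order.
SAMPLE_EVENTS: List[Event] = [
    {"ts": "2016-05-02T09:10:00", "host": "ws-17", "type": "process_create",
     "cmdline": "wevtutil cl Security"},
    {"ts": "2016-05-02T08:00:00", "host": "ws-17", "type": "process_create",
     "cmdline": "notepad.exe C:\\notes.txt"},
    {"ts": "2016-05-02T09:04:30", "host": "ws-17", "type": "process_access",
     "source": "procdump.exe", "target": "lsass.exe"},
    {"ts": "2016-05-02T09:40:00", "host": "fs-01", "type": "netflow",
     "direction": "out", "dst": "203.0.113.7", "bytes": 212_000_000},
    {"ts": "2016-05-02T09:15:12", "host": "fs-01", "type": "service_install",
     "service": "PSEXESVC"},
]


def tag_events(events: List[Event], rules: List[Rule] = RULES) -> List[dict]:
    """Return every (event, rule) match labelled with tactic and technique,
    sorted by timestamp so the hits read as an intrusion timeline."""
    hits = []
    for ev in events:
        for r in rules:
            if r.match(ev):
                hits.append({"ts": ev["ts"], "host": ev["host"], "rule": r.name,
                             "tactic": r.tactic,
                             "technique": f"{r.technique_id} {r.technique}"})
    hits.sort(key=lambda h: h["ts"])
    return hits


def tactic_coverage(rules: List[Rule] = RULES,
                    tactics: List[str] = TACTICS) -> Dict[str, bool]:
    """True for each tactic that at least one rule can detect; a False row is
    a monitoring gap to close before the next assessment."""
    covered = {r.tactic for r in rules}
    return {t: t in covered for t in tactics}


if __name__ == "__main__":
    for h in tag_events(SAMPLE_EVENTS):
        print(f'{h["ts"]} {h["host"]:6} {h["tactic"]:20} {h["technique"]}')
    for tactic, ok in tactic_coverage().items():
        print(f'{"covered" if ok else "GAP    "} {tactic}')
```

Run as a script, the timeline shows credential dumping on the workstation, the event log being cleared, a PsExec service landing on the file server and a large outbound transfer, while the coverage report flags privilege escalation as a tactic with no detection at all. That empty row is exactly the kind of investment decision the article says the shared vocabulary is meant to support.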
Although the project grew out of an FFRDC that supports DOD, ATT&CK is open-source and applicable to any government agency and the commercial sector.
— Suzette Lohmeyer
ICE agents collect biometric data in the field
A user-friendly app gives all 12,000 Immigration and Customs Enforcement agents the ability to collect fingerprints and check identities via their smartphones
Immigration and Customs Enforcement agents responding to a suspicious situation can't ask people of interest to wait while their laptop powers up and looks for an internet connection. That's why officials created the Eagle Directed Identification Environment (EDDIE) app, which gives all 12,000 ICE officers the ability to collect biometric data in the field using their agency-issued Apple iPhone and a pocket-size Bluetooth-connected fingerprint scanner.
After the user-friendly app authenticates the officer using it, he or she takes a photo of the subject while the phone collects location information via the Global Positioning System. Once the app incorporates the subject's fingerprint scan, EDDIE searches multiple biometric databases, including Interpol's, and returns results in less than a minute, quickly informing officers if someone is a known risk.
— Troy K. Schneider
When agents go to an arrest site, they can’t always have a laptop with them, which is why developers made the app phone-based.
“I might be somewhere with an operation, I might jump in somebody else’s car,” said Rodger Werner, chief of