Cybersecurity Speaker Series: D3FEND – National Security Agency

Official websites use .gov
Secure .gov websites use HTTPS

FORT MEADE, Md. – The National Security Agency (NSA)’s Cybersecurity Collaboration Center (CCC) has released the latest installment in its Cybersecurity Speaker Series, focused on the D3FEND framework for cybersecurity.

Host Bailey Bickley, Chief of DIB Defense at the CCC, sat down with NSA’s Technical Advisor for Cybersecurity Publications, Eric Chudow, and MITRE’s D3FEND Lead, Peter Kaloroumakis. They discussed the development, release, and adoption of D3FEND and how it can serve as a guide for architecting, designing, and defending networks.

NSA funded the development of the D3FEND framework, which launched in 2021, to provide an open model with standardized vocabulary for employing techniques to counter malicious cyber activity, which is critical to cybersecurity collaboration.

“D3FEND is a model for what cyber defenders are doing in their day-to-day activities, [and tries] to establish a language for those activities” said Kaloroumakis. “Though D3FEND primarily focuses on technology, it is really solving a human problem; getting everyone on the same page with a common language is essential for doing good analysis on your investments and building secure systems. D3FEND can have significant impacts because you can do all these secondary activities which are going to be higher fidelity, higher accuracy in how you communicate with other people about cyber defensive technology.”

MITRE D3FEND complements MITRE ATT&CK, which describes how different malicious cyber threat actors get into the network and spread around the networks. D3FEND enables network defenders to pivot and protect, detect, respond, and recover from those adversarial techniques. Woven through the framework is clear communication, as D3FEND continues to build common language to ensure network architects, and even the C-suite, are using the same terms and actually meaning the same thing.

 “Our missions here at NSA are to defend National Security Systems and Department of Defense networks, and to help support the Defense Industrial Base,” said Chudow. “Just telling them how different threat actors are going to get into those networks is not enough. That is only one part. The other piece is what are the techniques to defend – protect, detect, respond, and recover – from those adversarial techniques, and that is where D3FEND came in to ensure we are speaking the same language.”

“Nuances matter in cyber, so having that consistent lexicon really is valuable,” said Bickley.

“We are excited about the future of D3FEND, because with a good foundation, we can do really interesting things on top of it and build applications using the core components of D3FEND,” said Kaloroumakis. “[It’s] exciting from a research and development perspective.”

If you have what it takes to join NSA’s team, visit www.NSA.gov/Careers. Ready to apply? Go to www.intelligencecareers.gov/nsa.

View the latest Speaker Series below, along with the complete series on YouTube. Follow us on Twitter @NSACyber and on the CCC LinkedIn showcase page to track future releases.
Civil Liberties, Privacy, & Transparency Office
Diversity, Equity, Inclusion, & Accessibility

source

Related Posts

After 6 months and little explanation, Norton Healthcare patients, employees still feeling effects of cyber attack – WDRB

Spotty shower possible. Storms after midnight Updated: April 16, 2024 @ 12:31 pmNorton Healthcare, a company serving about 600,000 patients a year with nearly $5 billion in assets, continues to…

Read more

CA's top cybersecurity job has been vacant for almost 2 years – CalMatters

Technology Californians get hacked all the time. The state’s top cybersecurity job is vacant In summaryGov. Newsom has yet to appoint a commander who is tasked with informing businesses and…

Read more

13 Cyber Security Measures Your Small Business Must Take – Tech.co

Our content is funded in part by commercial partnerships, at no extra cost to you and without impact to our editorial impartiality. Click to Learn MoreCybersecurity has been important to…

Read more

AVG Antivirus Free review – Ghacks

AVG AntiVirus Free is a longstanding security program for Microsoft Windows that protects computer systems from viruses, trojans and other malicious code.One interesting fact about AVG is that it maintains…

Read more

Vlog Episode #247: Chris Long on Improving Technical SEO Skills & Playing Offense SEO – Search Engine Roundtable

In part one, we learned about Chris Long and his experience working with Bill Slawski. Then, in part two, we spoke about helping people with SEO on LinkedIn and using…

Read more

Information Security Vs. Cybersecurity: What's The Difference? – Forbes

Information Security Vs. Cybersecurity: What’s The Difference?  Forbessource

Read more

Leave a Reply

Your email address will not be published. Required fields are marked *