Two new MITRE programs central to strengthening cyber defense work on building global cyber capacity

Not-for-profit organization MITRE has announced two programs aimed at strengthening cyber defense among the international partners and allies of the U.S. These initiatives go beyond simply thwarting adversary threats and aim to foster U.S. security and stability, while laying the foundation for collaborative efforts to protect citizens, sectors, and networks worldwide.

“After a series of damaging ransomware attacks in 2022, Costa Rica’s president, Rodrigo Chaves, requested assistance from the United States. In response, President Biden promised $25 million to enable the Central American nation to develop a cybersecurity program. The commitment came on the heels of a $50 million pledge to help Albania recover from a set of attacks attributed to Iran,” Denise Schiavone, lead writer/editor at MITRE, wrote in a Tuesday news post. “Because threats against one nation—from rampant cybercrime to assaults on vulnerable supply chains—impact systems and people globally. A strong international cyber capacity bolsters U.S. national and domestic security, while reinforcing broader efforts in strategic competition.”

Schiavone outlined that MITRE’s whole-of-nation approach includes two efforts to strengthen global cyber capacity. “Our International Cyber Capacity Building (ICCB) program works through the U.S. State Department to help developing partner nations (including Costa Rica and Albania) improve their strategic cyber capacity. Our Active Defense Capability Set (ADCS) provides training, technology, and technical guidance to support U.S. Department of Defense objectives to increase the cyber abilities of our defense allies,” she added. 

Both these efforts draw on MITRE-developed open frameworks and standards, like National Institute of Standards and Technology (NIST) publications, ATT&CK, and CALDERA. They also focus on the policy, processes, and skills needed to make such tools effective, resulting in a  global cyber community armed to ‘meet the threats of today and tomorrow.’

“In conjunction with open frameworks like ATT&CK, ADCS is laying the foundation for true collective self-defense,” Denise Olsen, principal cyber engineer of MITRE’s ADCS lead, said 

The U.S. State Department’s Director of the Office of International Engagement and Capacity Building Joanna LaHaie says, “We count on MITRE’s ICCB work to aid partner nations in developing capabilities that are secure, resilient, and responsive to an ever-evolving technological environment.”

Schiavone said that the strongest defenses start with a solid game plan. “Our ICCB program guides partner nations around eight cornerstones of cyber strategy: risk management and resourcing; governance and civil law; policy and standards; operational resiliency; incident coordination and response; counter-cybercrime; workforce development; and public awareness,” she added. 

MITRE’s Cynthia Wright, principal cybersecurity engineer, has worked on the effort since it began in 2016, and she has seen it deliver a deep impact.

“In some cases, we’re changing the trajectory of how a country engages, both in their domestic cybersecurity and with the international cyber community,” she says. “For certain nations, we’ve essentially written the governance charters that shape how they’ll operate in cyberspace for years to come.”

ICCB has assisted nearly 100 countries. Its scope ranges from helping allies like Ukraine counter Russian cyber aggression, and assist less-resourced African nations in establishing effective governance strategies to foster U.S. foreign policy goals in the Indo-Pacific. In that region, ICCB plans to partner with 28 nations, starting with Bangladesh, Sri Lanka, Mongolia, Vietnam, Thailand, and Nepal. A key goal for the area: countering Chinese influence.

Wright says the initiative has evolved considerably over the years. “Most countries we work with now have a national cyber strategy, but they don’t necessarily know where to go from there,” she explains. “We’ve transitioned to a large degree from assisting partners with developing strategies from the ground up to guiding them on how best to implement and sustain the ones they have.”

To ensure broad success, “our team regularly collaborates with international organizations. These include the Organization of American States, the George C. Marshall European Center for Security Studies, and Carnegie Mellon’s Software Engineering Institute. In addition to our U.S. State Department sponsor, the DoD uses the work for partner security cooperation activities. The Department of Homeland Security also incorporates it into various strategic efforts around cybercrime.”

Schiavone notes that the ADCS capability for international partners emerged from high-profile incidents in American politics. “Following the surge of cyber threat activity leading up to the 2020 elections, DoD’s U.S. European Command engaged MITRE to develop a cyber capability building program to teach partner nations how to detect and remove adversaries from their networks. From there, the effort grew into a five-phase, seven-step methodology to empower our foreign partners to conduct proactive cyber adversary hunting. The process emphasizes sharing threat information across the cyber defender community.”  

ADCS includes a pre-assessment of cyber military forces, network infrastructure, cyber tools, and self-study through MITRE Engenuity and Cybrary in preparation for an in-country technical exchange. “Our team also provides an in-depth technical manual. To ensure skills proficiency, we conduct a mission qualification certification and a culminating cyber exercise. For these, we simulate attacks and compromises within our Global Networked Experimentation, Research, and Virtualization Environment space, a.k.a. Global NERVE,” the post added.

Since the effort’s initial achievements, ADCS will roll out for 21 European countries over the next four years, Schiavone wrote. “First stops are Romania and Slovenia. We also plan to implement a tailored program for U.S. Indo-Pacific Command (in Indonesia, Malaysia, and Taiwan, among others) and for U.S. Africa Command (in Ghana, Tunisia, and Morocco),” she added.

“I’m thrilled to see us expand like this, rolling out combatant commands around the world,” says Olsen, who built the original program while deployed to Stuttgart, Germany, before the 2020 elections.

From under-resourced nations to closest defense allies, MITRE’s international partners benefit from the complementary aspects and information sharing of ICCB and ADCS cyber initiatives.

Last month, the NIST outlined that international engagement plays a crucial role in several ongoing efforts of the agency which include the update of the ‘Journey to the Cybersecurity Framework (CSF 2.0),’ revision of digital identity guidelines, and boosting awareness on the NIST Privacy Framework and IoT cybersecurity work. The agency has also undertaken several meetings and held workshops with international participants.

MITRE debuted in March its System of Trust framework to address supply chain security challenges, providing the foundation needed for understanding supply chain risks. The framework will be key to securing ‘robust and resilient’ supply chains, partners, components, and systems that are globally manufactured. It is also aimed at defining, aligning, and addressing the specific concerns and risks that stand in the way of organizations’ trusting suppliers, supplies, and service providers.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.