MITRE crowdsourcing analytics to bolster cybersecurity

Jessica Davis | HealthcareITnews | January 16, 2018

Threat detection response is more reactive than proactive, but a MITRE engineer explains how sharing threats within a trusted environment can bolster security programs.

Threat detection response has historically been more reactive than proactive. Organizations often wait until suspicious activity occurs on the system to find bad actors, and intrusions are commonly difficult to detect. While perimeter security is crucial, in this era of highly sophisticated cyberattacks, it’s no longer enough. To that end, MITRE has been working to partner with the National Health Information Sharing and Analysis Center (NH-ISAC) to research cyberthreat tactics and share those results with hospitals and communities through its Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) analytics method.

[Image: Sample code of ATT&CK from MITRE. Credit: MITRE]

...“Healthcare is one of the first examples of a sector or group doing this crowdsourcing approach to developing analytics,” said Julie Connolly, principal cybersecurity engineer for MITRE. “We have different ways to engage the community and we put the framework out there. It takes time, but it’s been very successful.”...

...ATT&CK is a public, open source tool, Connolly said. In the past, ATT&CK focused on Windows programs. But MITRE has since expanded into Linux, Mac, mobile and others, due to overwhelming interest. MITRE is working on some other ATT&CK frameworks, as well...

Open Health News' Take: 

The partnership between MITRE and the NH-ISAC is a model for crowd-sourced, open source development of security tools that can bring the benefits of government-sponsored research to build cybersecurity resilience in the Healthcare Public Health Sector. There is more information in this PowerPoint presentation from the HIMSS18 conference.