Are there any best practices out there to connect #MITRE #ATT&CK and #D3FEND while doing a #Threatmodel in a #TOGAF #ADM security architecture?

How do I go from »There is an attack vector!« to »The developers closed their tickets which implement all relevant countermeasures«?

Does #SABSA or #PASTA offer any insight here?

📰 MITRE Extends D3FEND Cybersecurity Framework to Operational Technology (OT)

MITRE has extended its D3FEND framework to Operational Technology (OT)! 🛡️ Funded by the NSA, the new knowledge base provides a standard for defending critical infrastructure and cyber-physical systems. 🏭 #OTsecurity #ICS #D3FEND #Cybersecurity

🔗 https://cyber.netsecops.io/articles/mitre-extends-d3fend-cybersecurity-framework-to-operational-technology-ot/?utm_source=mastodon&utm_medium=soc…

MITRE Extends D3FEND Cybersecurity Framework to Operational Technology (OT)

MITRE extends its D3FEND cybersecurity framework to include Operational Technology (OT), creating a standardized knowledge base for defending critical infrastructure and industrial control systems.

CyberNetSec.io
How to Build D3FEND Graphs with D3FEND CAD

Explore the benefits of cybersecurity modeling using D3FEND CAD. Learn to create structured, insightful graphs that enhance decision-making and analysis.

I missed this but wow, MITRE D3FEND announced their 1.0 release. Big milestone for them
#MITRE #D3FEND #ThreatIntel
https://d3fend.mitre.org/blog/d3fend-1.0/
D3FEND 1.0 General Availability

D3FEND 1.0 is here and we are excited to see how you put D3FEND into action!

#D3FEND - A knowledge graph of #cybersecurity countermeasures https://d3fend.mitre.org/
MITRE D3FEND Knowledge Graph

D3FEND is a knowledge base of cybersecurity countermeasure techniques. In the simplest sense, it is a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality.

ATT&CK Workbench is an impressive piece of software for #threatintel, the missing piece to actually make the topologies usable.

https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/attck-workbench/

I hope a #D3FEND integration will be available in the future.

ATT&CK Workbench

The Workbench project expands the functionality of the current platform to enable teams to explore, create, annotate, and share extensions of the ATT&CK knowledge base.

MITRE Engenuity

@shellsharks So my team has been thinking of a few ways of mapping controls to TTPs. Best route for now seems to take our Single Process Inventory (SPI) and find correlating controls in place.
Then using MITRE D3FEND, take ATT&CK techniques in our reporting and map to D3FEND techniques that make logical sense for us to implement. Ex. T1134 - Access Token Manipulation has some D3FEND techniques like System Call Analysis, Process Spawn Analysis, Mandatory Access Control.
https://d3fend.mitre.org/offensive-technique/attack/T1134/

NIST 800-53 Rev. 5 also includes a spreadsheet for mapping controls to TTPs although it's kept very vague. They do include a Navigator layer which can be useful to overlay with whatever ATT&CK techniques you're focused on.

https://mitre-engenuity.org/cybersecurity/center-for-threat-informed-defense/our-work/nist-800-53-control-mappings/
#ThreatIntel #MITRE #D3FEND

Offensive Technique Details | MITRE D3FEND™
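One way to turn the kind of mapping described in that post into something you can overlay in ATT&CK Navigator, as an added example that is not from the post above, from MITRE, or from D3FEND: a script that takes a team's ATT&CK-to-D3FEND mapping plus the set of countermeasures whose developer tickets are actually closed, computes per-technique coverage, and emits a Navigator layer JSON. The mapping rows other than T1134, the implementation status, and the Navigator/layer version numbers are constructed assumptions; only the T1134 row mirrors the post.

```python
"""Build an ATT&CK Navigator layer that overlays D3FEND countermeasure
coverage onto the ATT&CK techniques a team reports on.

Constructed example: the mapping and implementation status below are
hand-written sample data, not pulled from d3fend.mitre.org."""
import json

# Constructed mapping: ATT&CK technique -> D3FEND techniques the team chose
# to implement for it. Only the T1134 row follows the post above.
ATTACK_TO_D3FEND = {
    "T1134": ["System Call Analysis", "Process Spawn Analysis",
              "Mandatory Access Control"],
    "T1059": ["Process Spawn Analysis", "Script Execution Analysis"],
    "T1078": ["Authentication Event Thresholding",
              "Multi-factor Authentication"],
}

# Constructed status: the countermeasures whose tickets developers closed.
IMPLEMENTED = {
    "System Call Analysis",
    "Process Spawn Analysis",
    "Multi-factor Authentication",
}


def coverage(mapping, implemented):
    """Return {technique: (implemented_count, total_count, missing_list)}.

    A countermeasure shared by several techniques counts for each of them,
    which is what you want when asking "is this TTP still exposed?"."""
    result = {}
    for tid, cms in mapping.items():
        done = [c for c in cms if c in implemented]
        missing = [c for c in cms if c not in implemented]
        result[tid] = (len(done), len(cms), missing)
    return result


def coverage_score(done, total):
    """Map the implemented fraction onto a 0..100 score for the layer gradient."""
    return round(100 * done / total) if total else 0


def build_layer(mapping, implemented, name="D3FEND coverage"):
    """Build an ATT&CK Navigator layer dict.

    The version numbers are assumptions; set them to match the Navigator
    instance you load the layer into."""
    techniques = []
    for tid, (done, total, missing) in coverage(mapping, implemented).items():
        comment = f"{done}/{total} D3FEND techniques implemented"
        if missing:
            comment += "; open: " + ", ".join(missing)
        techniques.append({
            "techniqueID": tid,
            "score": coverage_score(done, total),
            "comment": comment,
        })
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": "Share of mapped D3FEND countermeasures with closed tickets",
        "techniques": techniques,
        # Red for nothing implemented, green for everything implemented.
        "gradient": {"colors": ["#ff6666", "#ffe766", "#8ec843"],
                     "minValue": 0, "maxValue": 100},
    }


if __name__ == "__main__":
    print(json.dumps(build_layer(ATTACK_TO_D3FEND, IMPLEMENTED), indent=2))
```

Loading the resulting JSON into Navigator colours each reported technique by how many of its chosen D3FEND countermeasures are really in place, and the per-technique comment lists what is still open, which is a direct answer to "which tickets are not closed yet for this attack vector". Swap `ATTACK_TO_D3FEND` for the mapping your team derives from the D3FEND offensive-technique pages and `IMPLEMENTED` for an export from your ticket tracker.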