Speaking at Infosecurity Europe 2019, Andrew Habibi-Parker, director – professional services, EMEA & APJ at LogRhythm, explored the security risks surrounding critical national infrastructure (CNI) and outlined why the MITRE ATT&CK Framework can be pivotal in defending and protecting critical infrastructure.
Habibi-Parker explained that certain elements of national infrastructure, such as assets, facilities, systems and networks, can be targeted by attackers to affect the integrity or delivery of essential services, with a compromise resulting in significant impact on national security, national defense or the functioning of the state.
He said the “UK Government’s cyber strategy and NIS Directive is playing a key role in helping improve cybersecurity in UK CNI organizations” but added that the rapid emergence of new vulnerabilities and malicious actors’ smarter tactics make it “impossible to completely secure CNI networks and systems.” A focus on reducing detection and response times is therefore crucial, Habibi-Parker explained, and that’s where the MITRE ATT&CK Framework can be very effective.
That’s because MITRE ATT&CK “uses real world intelligence on the TTPs used by APT groups.” It’s a great way to validate and improve your detection, incident handling and continuous monitoring capabilities, Habibi-Parker said.
However, Habibi-Parker was quick to point out that MITRE ATT&CK is not “a replacement for cybersecurity best practices” nor is it a list of fully achievable objectives. It may also not be the right choice for an organization that does not have a SOC, he added, and “implementing monitoring of endpoints and behavioral analytics is critical to success.”
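The two points above, using ATT&CK to validate detection coverage and monitoring endpoints to feed it, come together in practice when each detection rule is tagged with the technique ID it covers and the tagged rule set is compared against the TTPs attributed to a threat group. The following is an added example, not code from LogRhythm or from the talk: the technique IDs are real ATT&CK identifiers, but the endpoint events, the rule set and the group TTP profile are constructed for illustration.

```python
"""Tag endpoint detections with ATT&CK technique IDs and measure coverage
against a threat group's known TTPs.  Added example; the technique IDs are
real ATT&CK identifiers, but the log lines, the rule set and the group's
TTP list are constructed, not taken from any real dataset."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    technique: str        # ATT&CK (sub)technique ID the rule is mapped to
    pattern: re.Pattern   # matched against the event's command line


# Constructed detection rules, each mapped to one ATT&CK (sub)technique.
RULES = [
    Rule("encoded_powershell", "T1059.001",   # PowerShell
         re.compile(r"powershell(\.exe)?\b.*-(enc|encodedcommand)\b", re.I)),
    Rule("schtasks_create", "T1053.005",      # Scheduled Task
         re.compile(r"\bschtasks(\.exe)?\b.*/create\b", re.I)),
    Rule("lsass_dump_tool", "T1003.001",      # OS Credential Dumping: LSASS Memory
         re.compile(r"\bprocdump(\.exe)?\b.*\blsass\b", re.I)),
]

# Constructed process-creation events from endpoint monitoring:
# (host, user, command line).  Only the last three should raise alerts.
SAMPLE_EVENTS = [
    ("ws01", "alice", r"C:\Windows\System32\notepad.exe report.txt"),
    ("ws01", "alice", r"powershell.exe -nop -w hidden -enc SQBFAFgA..."),
    ("srv02", "svc_backup", r"schtasks.exe /create /tn Updater /tr C:\tmp\u.exe"),
    ("srv02", "svc_backup", r"procdump.exe -ma lsass.exe out.dmp"),
]

# Constructed TTP profile for a hypothetical group; not a real ATT&CK group entry.
GROUP_TTPS = ["T1566.001", "T1059.001", "T1053.005", "T1003.001", "T1021.001"]


def detect(events):
    """Run every rule over every event; return (host, user, rule, technique)
    for each match so alerts carry their ATT&CK mapping from the start."""
    hits = []
    for host, user, cmd in events:
        for rule in RULES:
            if rule.pattern.search(cmd):
                hits.append((host, user, rule.name, rule.technique))
    return hits


def coverage(rules, group_ttps):
    """Compare the techniques the rule set covers with those attributed to a
    group.  Returns (covered, gaps) as sorted lists; the gaps are where
    detection engineering effort should go next."""
    covered_set = {r.technique for r in rules}
    covered = sorted(covered_set & set(group_ttps))
    gaps = sorted(set(group_ttps) - covered_set)
    return covered, gaps


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print("ALERT", hit)
    covered, gaps = coverage(RULES, GROUP_TTPS)
    print("covered:", covered)
    print("gaps:", gaps)
```

The coverage report is the piece that answers the speaker's "validate and improve" point: it shows which of the group's techniques the current rules would catch and which remain blind spots, and it only works if the endpoint telemetry the rules need (process creation with full command lines here) is actually being collected.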