Abstract

Today cyberattacks continue to evolve and are highly complex. They are also very expensive, judging by the average cost of a breach caused by a cyberattack. The top ten most common cyberattack intrusion incidents for industrial, public, and private organizations are phishing attacks, negligent and malicious insiders, advanced persistent threats, zero day attacks, denial of service attacks, software vulnerabilities, social engineering attacks, and brute force attacks. Cybersecurity therefore becomes an essential issue, one that generally focuses on the measures that protect valuable data, information, and business assets from malicious threat events affecting the confidentiality, integrity, and availability of information. In this regard, it is vitally important that computer systems, networks and network-connected devices, infrastructure resources, and others stay up-to-date with current software operating systems, patches, and releases. Organizations therefore need to institute policies and procedures that enforce the way their users access information and interact with network or system resources. Here the NIST Cybersecurity Framework and the MITRE Cybersecurity Criteria come into play. The NIST Cybersecurity Framework is a set of best practices, standards, and recommendations that support organizations in improving their cybersecurity measures. It focuses on using business drivers to guide cybersecurity activities and on considering cybersecurity risks as part of the organization's cybersecurity risk management. In this regard, the framework provides a common organizing structure for multiple cybersecurity approaches by assembling standards, guidelines, and practices that are working effectively today. The MITRE Cybersecurity Criteria enable a collective response against cybersecurity threat events, worked out in conjunction with industry and government authorities.
It describes the common tactics, techniques, and procedures of advanced persistent threats against organizations' computer systems and networks and was later expanded to industrial control systems. In this regard, the MITRE Cybersecurity Criteria are fully committed to defending and securing cyber-ecosystems. NIST's and MITRE's goal is to develop cyber resiliency approaches and controls to mitigate malicious cyberattacks. Cyber resiliency enables anticipating, withstanding, recovering from, and adapting to adverse conditions, stresses, cyberattacks, or compromises on computer systems, networks, infrastructure resources, and others. Against this background, this chapter introduces in Sect. 5.1 the NIST Cybersecurity Framework (NIST CSF) with its manifold possible uses and its great impact on improving the cybersecurity of industrial, public, and private organizations. Therefore, Sect. 5.1 introduces the process of cybersecurity risk management. Since NIST CSF is one of the most relevant cybersecurity frameworks, Sect. 5.1 introduces the NIST Cybersecurity Framework. Section 5.1.1 introduces CIS Critical Security Controls, Sect. 5.1.2 the ISA/IEC 62443 Cybersecurity Standard, Sect. 5.1.3 MITRE Adversarial Tactics, Techniques, and Common Knowledge, Sect. 5.1.4 NIST 800-653, and Sect. 5.1.5 the NIST Cybersecurity Framework. Section 5.2 focuses on the NIST Cybersecurity Framework for Critical Infrastructure, and Sect. 5.2.1 on a NIST CSF Critical Infrastructure best practice use case that makes use of a model approach in cybersecurity maturity. Against this background, Sect. 5.3 focuses on the MITRE Cybersecurity Criteria, which provide a common taxonomy of Tactics, Techniques, and Procedures applicable to defending against cyberattacks, withstanding cyberattackers' activities such as unauthorized interaction with organizations' computer systems, networks, and infrastructure resources, and recovering from potential malicious cyberattacks.
Section 5.4 introduces the MITRE Cybersecurity Taxonomy, which refers to cyberattack possibilities and how to counter them. Section 5.5 contains comprehensive questions on the topics of the NIST Cybersecurity Framework and the MITRE Cybersecurity Criteria. Finally, "References" lists the references used, for further reading.
