GCN : October and November 2016
that allows city departments, other states (through MS-ISAC) and federal partners to share intelligence and speed and coordinate responses. The ISOC has bolstered Los Angeles’ collaborative cyber defenses and situational awareness. In May, the city used the system to block more than 127 million cyberattacks and identify and remediate 14,189 pieces of malware.

— Suzette Lohmeyer

GRAPPLING WITH HACKERS’ ACTIONS AFTER A BREACH

MITRE’s ATT&CK model helps agencies understand and respond to the inevitable network penetrations

Perimeter security is vital, but it has long since ceased to be sufficient for government systems. Cyber intruders will breach networks and often are able to navigate internally for months before being detected. And because attackers change their methods frequently, intrusions can be difficult to detect by traditional means.

MITRE, which operates multiple federally funded research and development centers (FFRDCs) and supports the Defense Department on a wide range of cybersecurity initiatives, has worked to close that knowledge gap. Its Adversarial Tactics, Techniques and Common Knowledge behavioral model is the first detailed framework to describe the actions a malicious cyber actor takes once inside a network.

ATT&CK grew out of MITRE’s previous cybersecurity research, particularly red team/blue team exercises. Officials realized that there are only so many variations in the ways adversaries behave once they’ve successfully breached a system.

Make that universe of options better understood, and defenders have a much better chance of mitigating a breach before too much damage is done. Central to the project is a matrix of post-exploitation tactics and techniques. Organized into categories such as privilege escalation, lateral movement, defense evasion and exfiltration, the ATT&CK matrix provides a much-needed common frame of reference.

MITRE cultivated a community around ATT&CK to raise awareness and continue to refine the shared knowledge. As a constantly growing and freely available reference base, ATT&CK can help agencies deter and respond to breaches. They can also use the model to create a blueprint for monitoring and assessment, make decisions about cybersecurity investments and more easily share information thanks to a standardized vocabulary.

Although the project grew out of an FFRDC that supports DOD, ATT&CK is open-source and applicable to any government agency and the commercial sector.

— Troy K. Schneider

Mobile ICE agents collect biometric data in the field

A user-friendly app gives all 12,000 Immigration and Customs Enforcement agents the ability to collect fingerprints and check identities via their smartphones

Immigration and Customs Enforcement agents responding to a suspicious situation can’t ask people of interest to wait while their laptop powers up and looks for an internet connection.

That’s why officials created the Eagle Directed Identification Environment (EDDIE) app, which gives all 12,000 ICE officers the ability to collect biometric data in the field using their agency-issued Apple iPhone and a pocket-size Bluetooth-connected fingerprint scanner.

After the user-friendly app authenticates the officer using it, he or she takes a photo of the subject while the phone collects location information via the Global Positioning System. Once the app incorporates the subject’s fingerprint scan, EDDIE searches multiple biometric databases, including Interpol’s, and returns results in less than a minute, quickly informing officers if someone is a known risk.

When agents go to an arrest site, they can’t always have a laptop with them, which is why developers made the app phone-based.

“I might be somewhere with an operation, I might jump in somebody else’s car,” said Rodger Werner, chief of