April 30, 2022
Cyber Threat Mission Builder
University of West Florida and Siemens will be developing a tool for creating and simulating cyber threat scenarios against target environments. The scenarios are based upon real-world threat intelligence and adversary tactics, techniques, and procedures, for the purpose of training, testing, and defending those environments.
Manufacturing and other critical infrastructure sectors are under increasing threat from cyber adversaries. Vulnerability assessment and penetration testing are current services available to evaluate the attack surface an organization presents to an adversary. The goal of this project is to offer a different capability, which allows organizations to safely simulate a cyber-attack, evaluate and enhance defenses, examine “what if” style scenarios (such as “zero-day exploits,” or a vulnerability in software or hardware only known by an attacker), and conduct realistic hands-on training involving threat detection, threat hunting, and incident response.
Proposed Solution
The team will develop a web-based application with a graphical user interface that will guide a user through the creation and testing of cyber threat missions based on open-source threat intelligence data. To frame the missions, the Cyber Threat Mission Builder system will leverage the MITRE ATT&CK matrix, the Common Vulnerabilities and Exposures (CVE) database, and other sources.
Impact
This tool will enable the manufacturing industry to develop realistic cyber threat scenarios to protect their organizations from adversaries and simulate potential threat missions against a model of their environment. It will allow them to test their current defenses, train threat hunters and incident responders, and allow for “worst case” scenario testing of hypothetical adversary capabilities. Ultimately, manufacturers will be able to strengthen the cybersecurity of their manufacturing processes and train future cybersecurity professionals within the manufacturing sector.
Outcome
The team demonstrated the technological feasibility and validity of a threat intelligence-driven cyber threat mission builder. The GUI-based Mission Builder is accessible via a web browser and guides the user through all the stages of the cyber threat mission. At each stage, the user is also presented with relevant techniques an adversary might employ to achieve the goal of that mission stage.