FiGHT briefing - General Sept 2024 PRE 24-02046-1.pptx

Uploaded by ccgmag, 22 slides, Mar 05, 2025

About This Presentation

MITRE’s FiGHT framework exemplifies our commitment to safeguarding the technological backbone of our connected world. By combining threat intelligence, technical innovation, and collaborative expertise, FiGHT not only addresses today’s 5G challenges but sets the stage for a secure and resilient ...


Slide Content

MITRE FiGHT™: Ensuring a Secure & Resilient 5G
Contact: [email protected]
Approved for Public Release PR 23-01856-10
© 2024 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 24-02046-1

5G Security: Perspective and Needs
5G is the most secure cellular system to date. However, security vulnerabilities remain:
- Decoupling of software from the hardware/platform requires new and additional security measures
- Auxiliary technologies from the Internet are brought into 5G, and their threats are inherited with them
- Complexity of deployments (cloud, physical, hybrid) poses a configuration and shared-responsibility challenge
- Supply chain risk is increasing; use of COTS* and open-source software is ubiquitous
- Standards (e.g. 3GPP) leave some controls optional
By applying a comprehensive 5G threat framework to specific use cases and architectures, we can quantify risks and prioritize mitigations so that 5G can revolutionize with minimum compromise.
*Commercial off the shelf, including hardware, software, operating systems, infrastructure, etc.
(Diagram: EDGE, CLOUD, 5G CORE, Internet)

5G Complexity: A system of many systems

Motivations for a 5G Threat-Based Framework
- 5G is new, so not many attacks have been reported yet. This effort is therefore predictive: be prepared for when adversaries strike.
- Reference: The Adversary's Pyramid of Pain, by David J. Bianco

Cybersecurity should be threat-informed
Knowledge of my adversary can help me answer:
- What do I know about my own strengths and weaknesses?
- What do I know about my adversary's capabilities and intent?
Reference: Engineering-as-a-Moat

FiGHT™ is a threat-based framework to assess the confidentiality, integrity, and availability of our 5G networks, as well as the systems and applications using them. FiGHT™ leverages concepts from existing security frameworks and builds upon them, incorporating predictive and lab-proven threats to critical 5G assets.
Use cases: Risk management; Assessments; Analysis & prioritization; Security monitoring/automation; Identification; Acquisition planning

FiGHT™ Components (built out over Phase 1 and Phase 2)
- Adversary Tactics, Techniques, and Procedures (TTPs)
- Critical Assets: network, end customer
- Threat Mitigations
- Threat Detection
- Threat Actors
- Cyber Threat Intelligence

FiGHT™ Philosophy
Levels of abstraction in threat modeling:
- Highly abstract: Lockheed Martin Kill Chain, Microsoft STRIDE
- Mid-tier abstraction: ATT&CK and FiGHT
- Detailed: MITRE CVE, CWE, CAPEC
FiGHT is a threat model that documents adversary behaviors relevant to 5G. It leverages concepts from ATT&CK but is a separate framework.
Sources of behaviors:
- Empirical observation: adversary behaviors from contributed threat intel
- Proof of concept: adversary behaviors successfully demonstrated in a laboratory setting
- Predictive: conceptual adversary behaviors not yet demonstrated in a laboratory setting or in the wild
Fitting behaviors into a threat model is an iterative journey and subject to discussion.

Threats are drawn from a sampling of various sources
Sources of FiGHT TTPs:
- CVEs, blogs, and papers by security vendors/researchers
- Academic papers and surveys
- Annual mobile threat reports (ENISA, GSMA, Nokia, etc.)
- Communications from various contributors
- Standards and industry forum documents
Threat intelligence sharing amongst operators: saluted but not practiced.
A security vendor has emulated about 60% of FiGHT TTPs.

FiGHT™ Matrix (now version 2.1.1), launched Sept. 2022: https://fight.mitre.org

5G Deployment life cycle: FiGHT™ + ATT&CK® informed
Phases: Plan, Design, Deploy, Operate, Improve
Activities across the life cycle: Architecture; Procurement plan; Risk management plan; Security controls, XDR; Assessment plan; Network/infrastructure; Security controls configuration; Security & OAM testing; Network health monitoring; Incident management; Assessment report; Network optimization; Security optimization

FiGHT™ and Enterprise SecOps
FiGHT™ (5G Hierarchy of Threats) is a knowledge base of adversary tactics and techniques for 5G systems. From FiGHT research to SOC operations, it:
- Advises industry of the latest 5G threats
- Enriches threat intelligence databases with emerging 5G threat intelligence
- Informs threat hunting of plausible suspicious activity in 5G systems
- Improves development of analytics that alert on potential intrusions (security alerts, SIEM)
- Guides eradicating threats from systems during incident response
Enterprise Security Operation Center mission areas: Threat Intelligence, Threat Hunting, Security Alerts (SIEM), Incident Response.
FiGHT v2.1 data is available on GitHub: https://github.com/mitre/FiGHT

FiGHT Tooling
Tool            | Tool use                                                        | Status
FiGHT Pipeline  | Creation and editing of the threat model                        | 100% complete
FiGHT Navigator | Visual application of the threat model for scenario building    | 90% complete
STIX & TAXII    | Intelligence sharing (STIX: model; TAXII: communication method) | STIX 70% complete; TAXII not started
FiGHT Workbench | User-side editing of the threat model                           | Not started
FiGHT Flow      | Visual modeling of adversary emulation over time                | Not started
CALDERA         | Automated adversary emulation for red team assessment           | Not started
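The STIX row above is where a SOC actually consumes the threat model: a STIX 2.1 bundle of attack-pattern, course-of-action and relationship objects that has to be turned into a tactic/technique matrix and into a layer the Navigator can colour. The following is an added example, not code from the FiGHT project or its GitHub repository; the bundle is constructed for illustration, and the STIX ids, the kill_chain_name "example-fight" and the FGT-EXAMPLE-* technique ids are placeholders rather than real FiGHT identifiers. The layer schema is assumed to mirror the ATT&CK Navigator layer format; check the repository's actual export before relying on either.

```python
"""Build a tactic/technique matrix and a Navigator-style layer from STIX 2.1.

Added example, not code from the FiGHT project. The bundle is constructed:
STIX ids, the kill_chain_name and the FGT-EXAMPLE-* technique ids are
placeholders, not real FiGHT identifiers. Field names follow STIX 2.1.
"""
import json
from collections import defaultdict

KILL_CHAIN = "example-fight"  # assumption: placeholder kill_chain_name / source_name

SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--0a1b2c3d-0000-4000-8000-000000000001",
    "objects": [
        {"type": "attack-pattern",
         "id": "attack-pattern--0a1b2c3d-0000-4000-8000-000000000002",
         "name": "Example: exploit baseband over the air",
         "kill_chain_phases": [{"kill_chain_name": KILL_CHAIN, "phase_name": "initial-access"},
                               {"kill_chain_name": KILL_CHAIN, "phase_name": "execution"}],
         "external_references": [{"source_name": KILL_CHAIN, "external_id": "FGT-EXAMPLE-0001"}]},
        {"type": "attack-pattern",
         "id": "attack-pattern--0a1b2c3d-0000-4000-8000-000000000003",
         "name": "Example: GTP-U TEID discovery",
         "kill_chain_phases": [{"kill_chain_name": KILL_CHAIN, "phase_name": "discovery"}],
         "external_references": [{"source_name": KILL_CHAIN, "external_id": "FGT-EXAMPLE-0002"}]},
        {"type": "attack-pattern",  # revoked objects stay in bundles for history
         "id": "attack-pattern--0a1b2c3d-0000-4000-8000-000000000004",
         "name": "Example: withdrawn technique", "revoked": True,
         "kill_chain_phases": [{"kill_chain_name": KILL_CHAIN, "phase_name": "discovery"}],
         "external_references": [{"source_name": KILL_CHAIN, "external_id": "FGT-EXAMPLE-0003"}]},
        {"type": "course-of-action",
         "id": "course-of-action--0a1b2c3d-0000-4000-8000-000000000005",
         "name": "Example mitigation: GTP-U ingress filtering on N3"},
        {"type": "relationship",
         "id": "relationship--0a1b2c3d-0000-4000-8000-000000000006",
         "relationship_type": "mitigates",
         "source_ref": "course-of-action--0a1b2c3d-0000-4000-8000-000000000005",
         "target_ref": "attack-pattern--0a1b2c3d-0000-4000-8000-000000000003"},
    ],
}


def external_id(obj, source_name=KILL_CHAIN):
    """Framework id (FGT-...) from external_references, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == source_name and "external_id" in ref:
            return ref["external_id"]
    return None


def techniques(bundle):
    """STIX id -> {id, name, tactics} for live attack-patterns; revoked ones are skipped."""
    out = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern" or obj.get("revoked"):
            continue
        tactics = [p["phase_name"] for p in obj.get("kill_chain_phases", [])
                   if p.get("kill_chain_name") == KILL_CHAIN]
        out[obj["id"]] = {"id": external_id(obj), "name": obj["name"], "tactics": tactics}
    return out


def build_matrix(bundle):
    """tactic -> sorted technique ids; one technique may appear under several tactics."""
    matrix = defaultdict(list)
    for t in techniques(bundle).values():
        for tactic in t["tactics"]:
            matrix[tactic].append(t["id"])
    return {k: sorted(v) for k, v in matrix.items()}


def mitigations(bundle):
    """technique id -> mitigation names, resolved through 'mitigates' relationships."""
    live = techniques(bundle)
    names = {o["id"]: o["name"] for o in bundle["objects"] if o.get("type") == "course-of-action"}
    out = defaultdict(list)
    for obj in bundle["objects"]:
        if obj.get("type") == "relationship" and obj.get("relationship_type") == "mitigates":
            target = live.get(obj["target_ref"])
            if target is not None and obj["source_ref"] in names:
                out[target["id"]].append(names[obj["source_ref"]])
    return dict(out)


def navigator_layer(bundle, observed_ids, name="observed in assessment"):
    """Layer highlighting observed techniques; schema assumed to mirror ATT&CK Navigator layers."""
    layer = {"name": name, "versions": {"layer": "4.5"}, "domain": KILL_CHAIN, "techniques": []}
    for t in techniques(bundle).values():
        if t["id"] in observed_ids:
            for tactic in t["tactics"]:
                layer["techniques"].append({"techniqueID": t["id"], "tactic": tactic, "score": 1})
    return layer


if __name__ == "__main__":
    print(json.dumps(build_matrix(SAMPLE_BUNDLE), indent=2))
    print(json.dumps(mitigations(SAMPLE_BUNDLE), indent=2))
    print(json.dumps(navigator_layer(SAMPLE_BUNDLE, {"FGT-EXAMPLE-0001"}), indent=2))
```

Two details matter in practice: revoked objects must be dropped rather than rendered (a matrix that still shows a withdrawn technique will send analysts chasing it), and a technique that lists several kill-chain phases must be emitted once per tactic, which is why the layer above carries a `tactic` field on each entry.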

Risk management activity example: continuous network monitoring
For missions which depend on 5G communications, it is advisable to include threat-informed defense. Other activities are possible, e.g. the NIST RMF.
Approaches to monitoring for malicious activities:
- Signature-based detection: ineffective against adaptable threats
- Anomaly detection, AI/ML based: high false positives
- Threat hunting on indicators of compromise: requires a threat framework; efficient, and detects advanced threats

Roadmap
Versions: V1 (Sept. 2022), V2 (Oct. 2023), V2.1 (Mar. 2024), V3 (plan: Oct / Jan 2025)
Content, in roadmap order: 5G-specific threats (core, RAN, roaming, slice); Virtualization and OA&M threats; O-RAN threats; Cloud-for-5G threats; ...
Functionality: STIX; FiGHT Navigator; MITRE ATT&CK® compatibility; Data components; Groups; Campaigns; Software

New TTPs added or to be added
Version 2.1.1 (partial list):
- Resource Development tactic: Develop capabilities (UE baseband exploit, operator network, silent SMS); Obtain capabilities (radio infrastructure)
- UE-related threats: exploitation for client execution (baseband API, OTA input); silent paging
- GTP-U threats: TEID discovery, GTP-U abuse, UE access
- O-RAN threats: fronthaul sniffing, AI/ML model attacks
- Other: compromise supply chain
Version 3.0 planned/TBD (partial list):
- Enterprise/cloud observed threats, based on reported telco threat actor activity (LightBasin and Gallium): Command / Scripting Interpreter: Cloud API; Impair Defenses: Disable or modify system firewall; Brute Force: Password guessing, Password spraying
- O-RAN threats: E2 Manager unauthorized access by xApp; Eavesdrop or exfil via rApp; O-RAN fronthaul timing
- Telecom threats: GTP-U exfil/C2 (GTPDOOR); DoS (NF via de-registration, UE via tunnel, gNB via signaling storm)
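The GTP-U entries above (TEID discovery, GTP-U abuse, GTP-U exfil/C2) all start from the same primitive: a host that can reach the N3 interface sends G-PDUs with guessed Tunnel Endpoint IDs, and the receiving UPF or gNB tells it which guesses were wrong by replying with Error Indication messages. The following is an added example, not code from the FiGHT briefing or the FiGHT project. It decodes the GTPv1-U header as specified in 3GPP TS 29.281 and runs a small analytic over a packet trace that is constructed inline with the encoder in the block; the addresses are documentation ranges and the thresholds are illustrative, not tuned values.

```python
"""GTPv1-U header parsing plus a TEID-discovery analytic for the N3 interface.

Added example, not code from the FiGHT project. The packet trace is
constructed with the encoder below; addresses are documentation ranges and
the thresholds are illustrative, not tuned values.
"""
import struct
from collections import defaultdict, deque
from typing import Optional

# GTPv1-U message types (3GPP TS 29.281)
MSG_ECHO_REQUEST, MSG_ECHO_RESPONSE = 1, 2
MSG_ERROR_INDICATION, MSG_END_MARKER, MSG_GPDU = 26, 254, 255


def parse_gtpu(data: bytes) -> dict:
    """Decode the mandatory 8-octet header and, when E/S/PN is set, the sequence number."""
    if len(data) < 8:
        raise ValueError("short header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", data[:8])
    if flags >> 5 != 1 or not flags & 0x10:      # version 1, PT=1 (GTP, not GTP')
        raise ValueError("not GTPv1-U")
    if len(data) < 8 + length:                     # length covers everything after octet 8
        raise ValueError("length field exceeds packet")
    seq: Optional[int] = None
    if flags & 0x07:                               # E, S or PN set: seq(2) npdu(1) next-ext(1)
        if length < 4:
            raise ValueError("optional fields missing")
        seq = struct.unpack("!H", data[8:10])[0]
    return {"msg_type": msg_type, "length": length, "teid": teid, "seq": seq}


def is_malformed(data: bytes) -> bool:
    try:
        parse_gtpu(data)
        return False
    except ValueError:
        return True


def build_gtpu(msg_type: int, teid: int, payload: bytes = b"", seq: Optional[int] = None) -> bytes:
    """Encode a GTP-U PDU; used only to construct the sample trace."""
    opt = b"" if seq is None else struct.pack("!HBB", seq, 0, 0)
    flags = 0x30 | (0x02 if seq is not None else 0)
    return struct.pack("!BBHI", flags, msg_type, len(opt) + len(payload), teid) + opt + payload


def detect_teid_scan(packets, n3_peers, window=10.0, teid_threshold=16, error_threshold=8):
    """packets: iterable of (ts, src_ip, dst_ip, raw). Returns [(alert_kind, peer_ip)].

    Three signs of TEID discovery are checked:
      - GTP-U arriving from an address that is not a configured N3 peer
      - one source spraying many distinct TEIDs in G-PDUs within `window` seconds
      - our node answering one peer with a burst of Error Indications (unknown TEID)
    """
    gpdu = defaultdict(deque)      # src -> deque of (ts, teid)
    errors = defaultdict(deque)    # dst -> deque of ts
    alerts, fired = [], set()

    def fire(kind, peer):
        if (kind, peer) not in fired:      # one alert per (kind, peer), not one per packet
            fired.add((kind, peer))
            alerts.append((kind, peer))

    for ts, src, dst, raw in packets:
        try:
            hdr = parse_gtpu(raw)
        except ValueError:
            fire("malformed-gtpu", src)
            continue
        if src not in n3_peers:
            fire("gtpu-from-unknown-peer", src)
        if hdr["msg_type"] == MSG_GPDU:
            q = gpdu[src]
            q.append((ts, hdr["teid"]))
            while ts - q[0][0] > window:
                q.popleft()
            if len({t for _, t in q}) >= teid_threshold:
                fire("teid-scan", src)
        elif hdr["msg_type"] == MSG_ERROR_INDICATION:
            q = errors[dst]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= error_threshold:
                fire("error-indication-burst", dst)
    return alerts


# Constructed trace: a gNB sends normal G-PDUs, then an Internet host guesses TEIDs
# against the UPF, which answers each unknown TEID with an Error Indication
# (abbreviated to the TEID Data I IE, type 0x10).
UPF, GNB, ATTACKER = "10.0.3.1", "10.0.3.10", "198.51.100.7"
N3_PEERS = {UPF, GNB}
_IP_PAYLOAD = b"\x45" + b"\x00" * 19               # stand-in for an inner IPv4 packet
SAMPLE_TRACE = [(i * 0.1, GNB, UPF, build_gtpu(MSG_GPDU, 0x1001, _IP_PAYLOAD, seq=i)) for i in range(5)]
for i in range(20):
    t = 1.0 + i * 0.05
    SAMPLE_TRACE.append((t, ATTACKER, UPF, build_gtpu(MSG_GPDU, 0x2000 + i, _IP_PAYLOAD)))
    SAMPLE_TRACE.append((t + 0.01, UPF, ATTACKER,
                         build_gtpu(MSG_ERROR_INDICATION, 0, b"\x10" + struct.pack("!I", 0x2000 + i))))

if __name__ == "__main__":
    for kind, peer in detect_teid_scan(SAMPLE_TRACE, N3_PEERS):
        print(f"{kind}: {peer}")
```

The first of the three alerts is the one that should never need the other two: GTP-U from an address outside the configured N3 peer set means the UPF is reachable by the Internet, and a GTP-aware firewall or ingress filter on that interface removes the whole technique class. The length check in the parser is the other point worth keeping: a length field larger than the datagram is exactly the input that crashes or over-reads naive GTP decoders, so the analytic treats it as an alert in its own right rather than as noise.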

FiGHT™ can be operationalized
FiGHT™ can be used to perform threat-informed defense in risk management and operations: See the threat, Develop analytics, Emulate adversaries, Assess your defenses.
Example analytic shown on the slide (shell; the collection log path is illustrative):

    #!/bin/sh
    # Parse the auth log for failed login attempts
    log_file="${LOG_FILE:-/var/log/failed_logins.log}"
    failed_attempts=$(grep "authentication failure" /var/log/auth.log)
    # Write failed attempts to the collection log file
    if [ -n "$failed_attempts" ]; then
        echo "$failed_attempts" >> "$log_file"
    fi
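The grep above is "See the threat"; "Develop analytics" is the step that turns the same log lines into a behavioural verdict, and it is what distinguishes the two Brute Force sub-techniques the roadmap lists for version 3.0: password guessing (many failures against one account from one source) and password spraying (one or two failures against many accounts from one source, deliberately staying under lockout thresholds). The following is an added example, not code from the FiGHT briefing; the log lines are constructed in the Linux pam_unix/sshd syslog format, the year is assumed because syslog timestamps carry none, the thresholds are illustrative, and the labels use the ATT&CK Enterprise IDs T1110.001 and T1110.003 rather than FiGHT IDs, which the reader should take from the matrix version they deploy.

```python
"""Turn the 'grep for authentication failure' step into a behavioural analytic.

Added example, not code from the FiGHT briefing. Log lines are constructed
(pam_unix / sshd syslog format). Labels use ATT&CK Enterprise T1110.001
(Password Guessing) and T1110.003 (Password Spraying); thresholds are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: pam_unix\(sshd:auth\): "
    r"authentication failure;.*rhost=(?P<rhost>\S*)\s+user=(?P<user>\S+)"
)
YEAR = 2024  # assumption: syslog timestamps carry no year


def parse_failures(lines):
    """Yield (timestamp, rhost, user) for each PAM authentication failure line."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["rhost"], m["user"]


def classify(lines, window_s=300, guess_min=5, spray_users_min=10):
    """rhost -> technique label, judged over a sliding window per source.

    Guessing: many failures against one account.
    Spraying: at most two failures each against many accounts (stays under lockout).
    Sources that match neither get no verdict.
    """
    events = defaultdict(list)
    for ts, rhost, user in parse_failures(lines):
        events[rhost].append((ts, user))
    verdicts = {}
    for rhost, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            per_user = defaultdict(int)
            for t, u in evs[i:]:
                if (t - t0).total_seconds() <= window_s:
                    per_user[u] += 1
            if max(per_user.values()) >= guess_min:
                verdicts[rhost] = "T1110.001 password guessing"
                break
            if len(per_user) >= spray_users_min and max(per_user.values()) <= 2:
                verdicts[rhost] = "T1110.003 password spraying"
                break
    return verdicts


def _line(sec, rhost, user):
    """Constructed pam_unix failure line, `sec` seconds after 10:00:00."""
    return (f"Jan 12 10:{sec // 60:02d}:{sec % 60:02d} upf-oam sshd[4242]: pam_unix(sshd:auth): "
            f"authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost={rhost}  user={user}")


# Constructed sample: one source hammering 'admin', one source trying 12 accounts once
# each, one legitimate user mistyping twice, and an unrelated successful login.
SAMPLE_LOG = (
    [_line(5 * i, "198.51.100.7", "admin") for i in range(6)]
    + [_line(100 + 7 * i, "203.0.113.9", f"user{i:02d}") for i in range(12)]
    + [_line(200, "10.0.0.5", "alice"), _line(260, "10.0.0.5", "alice")]
    + ["Jan 12 10:05:00 upf-oam sshd[4242]: Accepted publickey for alice from 10.0.0.5 port 5000 ssh2"]
)

if __name__ == "__main__":
    for rhost, verdict in classify(SAMPLE_LOG).items():
        print(f"{rhost}: {verdict}")
```

The spraying rule is the one a plain failure count misses: each account sees only one failure, so per-account lockout never triggers and a per-account alert never fires; the signal only appears when failures are grouped by source over a window. On a 5G OAM host the same analytic applies unchanged to the management-plane SSH and API gateways that the LightBasin and Gallium reporting describes as entry points.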

FiGHT was used to map 3G and 4G real-world attacks
Example: Outbound traffic tunneling by the LightBasin group, from a threat intelligence report (Nokia, 2023). Tactics covered: Reconnaissance, Initial Access, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration.
FiGHT is incorporated into some security vendors' products.

Desired Partnership: A 5G threat-based framework enhanced by industry
- MITRE makes FiGHT™ available for the community to leverage; the community in turn uses its visibility into real-world threats and operator/vendor perspectives to contribute back to FiGHT™
- The result is enhanced security of 5G deployments
- MITRE releases new framework versions regularly based on community contributions
- Operationalization tools (e.g. Navigator, STIX/TAXII)
- Expand coverage to other domains: O-RAN, MEC, UE apps
Contributions sought from: carriers, vendors, standards bodies; cloud, AI/ML, data analytics, software development; cyber threat intelligence.
MITRE is seeking ongoing collaboration and feedback from the community for enhancements of the threat model applicable to carriers, service providers, and enterprises.

FiGHT summary: Securing 5G with FiGHT™
Design, deploy and operate resilient 5G networks and reduce new-technology risk (private 5G, commercial, enterprise).
Achievements and goals:
- Developed & published a threat-based framework: fight.mitre.org
- Continually modernize/extend capability
- Collaborate with vendors and others in the community (e.g., GSMA)

FiGHT: Key takeaways
The FiGHT framework can be leveraged for the use cases proven successful with the MITRE ATT&CK framework:
- Adversary emulation and red teaming: planning adversary emulation scenarios and executing red team engagements against 5G systems
- Defensive gap assessment: reviewing 5G system mitigations for missing defenses against emerging adversarial techniques
- Behavioral analytic development: maturing analytics to identify potential adversarial activity observed in 5G systems
- SOC maturity assessment: evaluating a 5G operational system's capability to protect against, detect, and respond to intrusions

Call to action
Adversaries' skills are getting sharper; we can't afford to fight alone.
Don't be shy: tell us what you saw, and help your partners.
Dear Carriers and Network Vendors, we'd LOVE to hear from you! You keep the details, and can stay anonymous OR be given full credit. Love, XOXO, The FiGHT Team