Mitre has released a new visualization tool called the Cyber Resiliency Engineering Framework (CREF) Navigator that enables organizations to customize their cyber resiliency goals, strategies, objectives and techniques.
The framework is designed to align with the National Institute of Standards and Technologies (NIST) publication on developing cyber resilient systems. Future enhancements to the CREF Navigator are planned to provide additional automated support for organizations interested in building stronger defenses for their critical infrastructure.
The principles of the CREF framework follow four pillars:
- Anticipate. Maintain a state of informed preparedness in order to forestall compromises of mission/business functions from adversary attacks.
- Withstand. Continue essential mission/business functions despite successful execution of an attack by an adversary.
- Recover. Restore mission/business functions to the maximum extent possible after successful execution of an attack by an adversary.
- Adapt. To change mission/business functions and/or the supporting cyber capabilities so as to minimize adverse impacts from actual or predicted adversary attacks.
“Resiliency is the ultimate goal of cybersecurity,” said Wen Masters, Mitre vice president, cyber technologies. “Information and communications systems and those who depend on them must be resilient in the face of persistent, stealthy and sophisticated cyberattacks. While resilience is sometimes described as an emergent property, resilience in the face of cyber threats must be engineered.”
The CREF Navigator is available to the greater cyber community free of charge.