MITRE Response to Cyber Attack in One of Its R&D Networks
McLean, Va., April 19, 2024—MITRE today disclosed that despite its fervent commitment to safeguarding its digital assets, it experienced a breach that underscores the nature of modern cyber threats. After detecting suspicious activity on its Networked Experimentation, Research, and Virtualization Environment (NERVE), a collaborative network used for research, development, and prototyping, compromise by a foreign nation-state threat actor was confirmed.
Following detection of the incident, MITRE took prompt action to contain the incident, including taking the NERVE environment offline, and quickly launched an investigation with the support of in-house and leading third-party experts. The investigation is ongoing, including to determine the scope of information that may be involved.
MITRE has contacted authorities and notified affected parties and is working to restore operational alternatives for collaboration in an expedited and secure manner.
“No organization is immune from this type of cyber attack, not even one that strives to maintain the highest cybersecurity possible,” said Jason Providakes, president and CEO, MITRE. “We are disclosing this incident in a timely manner because of our commitment to operate in the public interest and to advocate for best practices that enhance enterprise security as well as necessary measures to improve the industry’s current cyber defense posture. The threats and cyber attacks are becoming more sophisticated and require increased vigilance and defense approaches. As we have previously, we will share our learnings from this experience to help others and evolve our own practices.”
NERVE is an unclassified collaborative network that provides storage, computing, and networking resources. Based on our investigation to date, there is no indication that MITRE’s core enterprise network or partners’ systems were affected by this incident.
Hi, I'm Charles Clancy, Chief Technology Officer of MITRE.
In January this past year, over 1700 organizations were compromised by a sophisticated nation-state threat actor.
This threat actor compromised the Ivanti Connect Secure appliance that's used to provide connectivity into some of our most trusted networks.
MITRE was one of those compromised. In the interest of transparency and public interest, we really want to share our experiences, so others can learn from it.
We took all the recommended actions from the vendor, from the U.S. government, but they were clearly not enough. As a result, we are issuing a call to action to the industry.
The threat has gotten more sophisticated, and so too must our solutions to combat that threat.
First, we need to advance secure-by-design principles. Hardware and software need to be secure right out of the box.
Second, we need to operationalize secure supply chains by taking advantage of the software bill of materials ecosystem to understand the threats in our upstream software systems.
Third, we should deploy zero trust architectures, not just multi-factor authentication, but also micro-segmentation of our networks.
Fourth, we need to adopt adversary engagement as a routine part of cyber defense. It can provide not only detection, but also deterrence to our adversaries. Adversaries are advancing new threats and new techniques.
We need new solutions, and together we can develop and deploy those solutions. Thank you.
As part of our cybersecurity research in the public interest, MITRE has a 50-plus-year history of developing standards and tools used by the broad cybersecurity community. With frameworks like ATT&CK®, Engage™, D3FEND™, and CALDERA™ and a host of other cybersecurity tools, MITRE arms the worldwide community of cyber defenders.
To offer learnings from its experience, MITRE has published initial details about the incident via the Center for Threat-Informed Defense, found here, and plans to release additional information as the investigation continues and concludes.
Media Contact:
Tracy Schario, media@mitre.org