The United Nations (UN) has introduced a new cyber-attack assessment framework designed to complement existing models, including MITRE ATT&CK. This framework, called the UNIDIR Intrusion Path, aims to enhance understanding of malicious activities in the ICT environment for policymakers and non-technical stakeholders. It provides a simplified view of the layers of IT networks where malicious actions take place, making cyber diplomacy more inclusive. The framework is crucial as cyber threats increase, contributing to global stability and peace by equipping stakeholders with better tools to address these challenges.
The UNIDIR Intrusion Path model introduces three key layers of analysis based on the network perimeter: outside, on, and inside the perimeter.
The outside perimeter represents systems and networks beyond an organization’s control, such as public websites and the dark web. The on-perimeter layer includes the boundary between internal systems and external networks, incorporating firewalls and intrusion detection systems. The inside perimeter refers to an organization’s internal network, housing sensitive data and operational systems, highlighting where defenses can be breached.
This model also outlines how both perpetrators and defenders operate within these layers. It provides insights into how malicious activities may bypass system defenses and the measures defenders can employ to monitor and counteract intrusions. The framework aims to improve both offensive and defensive cybersecurity strategies by visualizing the different paths attackers might follow to compromise networks. By using this model, organizations can better understand the evolving tactics used in cyber-attacks and strengthen their defenses accordingly.
The UNIDIR Intrusion Path framework complements established models like the MITRE ATT&CK framework and the Cyber Kill Chain.
While MITRE ATT&CK categorizes the tactics and techniques employed by attackers at various stages, the Cyber Kill Chain maps out the stages of an attack, from initial reconnaissance to exfiltrating data. Together with the UNIDIR Intrusion Path, these tools provide a comprehensive approach to analyzing and defending against cyber-attacks, ensuring a more transparent and secure digital environment.