WASHINGTON: The National Security Agency has released a brand-new tool to help cyber warriors understand, communicate, and choose defensive measures to stop cyberattacks.

D3FEND, as it’s dubbed, is intended to complement the MITRE ATT&CK framework. Whereas ATT&CK focuses on standardizing the way cyber warriors understand and talk about offense, D3FEND focuses on cyber defenses.

Together, the frameworks provide cyber warriors with a common understanding of cyber concepts and a standardized vocabulary for discussing them, which should make it easier to share information and coordinate defensive operations both within and between organizations.

In part because ATT&CK is based on real-world threats, it can be used to build threat models, as well as cyber kill chains of actual incidents, that include adversaries’ behaviors and their tactics, techniques, and procedures (TTPs).

Likewise, D3FEND can be used to develop cyber defenses by “illustrat[ing] the complex interplay between computer network architectures, threats, and cyber countermeasures… illuminat[ing] previously-unspecified relationships between defensive and offensive methods.”

Because D3FEND is so detailed, it can serve as a useful guide for architecting, designing, and implementing cyber defenses.

D3FEND is based, in part, on 500 countermeasure patents from the last two decades, according to its website. Notably, however, D3FEND and ATT&CK are vendor-agnostic frameworks, which can be applied to safeguarding a wide range of IT environments, including national security systems, Defense Department networks, and defense industrial base assets.

NSA funded MITRE’s research for developing D3FEND, but like ATT&CK, it’s freely available online now. Cyber professionals can provide comments and recommend improvements at the D3FEND website.

Breaking Defense reached out to NSA for comments, but did not receive any before publication.