In a world where everyone has technology embedded into every aspect of their lives, keeping information safe has incredible value. One cannot help but wonder how secure our assets are in a digital landscape. Our information and money is just a few keystrokes away from being accessed at all times. Knowledge of which keys to hit is the only difference from us looking at that information versus a complete stranger. All too often, we hear about new cyber attacks that have massive impact. With the Equifax hack affecting just under half of all Americans, cyber security hits close to home. However, according to a Pew Research Center survey taken in June of 2016, the majority of Americans do not understand how they were attacked. This lack of basic cyber security knowledge at an individual level prevents a holistic understanding of cyber security. However, this lack of knowledge is also exhibited by many high-level decision-makers who have have the pivotal job of choosing how to prevent, defend, and respond to cyber attacks in the geopolitical realm. Due to this lack of knowledge, policies about cyber-security are often ill-informed and can risk being less than effective.

Our problem came from the cyber security company Endgame located in Arlington, VA. They are known for their comprehensive and innovative cybersecurity solutions, as they take on a threat hunting approach to cybersecurity. As the Chief Social Scientist at Endgame, our mentor, Andrea Limbago specializes in the intersection of cybersecurity and geopolitics. Our problem fell within this intersection as we were tasked with making something that helps create a baseline knowledge of cyber attacks for those who are making the most critical decisions in regard to cyber attack defense, prevention, and response. The ultimate goal of our original problem statement was to bridge the understanding and communication gaps between cyber security technical experts (those who truly understand the technology behind the attack) and high-level decision-makers (those who act to respond, prevent, and defend at the policy level). The one condition provided in our problem statement was that we should leverage MITRE’s ATT&CK matrix. The ATT&CK matrix is a post-compromise assessment tool with a massive amount of information about cyber attacks. It is extremely complicated for those without a cyber background and was something that we struggled with as a team throughout the semester. Our attempts to rework its complexity led us to our MVP.

A crucial part to the development process started with background research. In order to gain a holistic understanding of our problem space we conducted 42 unique interviews, with several people being returned to for additional input. In the beginning of this process we focused on finding an understanding of the broad problem space that we would be working in throughout the semester. This led to interviews with multiple JMU professors from the Intelligence Analysis department who specialize in cyber to Communication Studies professors. As the problem changed and became more specific, so too did our interviews. Throughout the semester we interviewed people from many different disciplines and backgrounds. Expectedly, we interviewed cyber security experts for needed technical background. However, we also interviewed analysts within the Intelligence Community, senior policy advisors for Congressman, JMU Computer Science professors, professionals at the State Department, and experts at MITRE who work on the ATT&CK Matrix.

A major pivot in our thinking occurred when we realized the main potential beneficiary of our MVP: all source intelligence analysts. Before this point, we were struggling to find a direction because our potential audience was so broad. We had ideas for an MVP but no actual iteration since we could truly only create conceptual ideas. There was nothing concrete. However, this information allowed us to streamline our direction and conduct more specific interviews. Once we knew this information we quickly were able to come up with the first iteration of our MVP. We then contacted a JMU Intelligence Analysis professor who worked as an analyst in the Intelligence Community for over twenty years. He suggested that we look into incorporating case studies into our tool. It took us a few weeks for this idea to become integrated into our MVP. However, our team felt as though something was missing with only analogies. Throughout the interview process we were told again and again that we needed a way for impact to be portrayed and understood as well. The case studies ended up being the answer. We saw them as important enough to create an entirely separate feature to our MVP.

Our final MVP is an open source tool located on a website. It is called Cyber Information Technology Education (CITE) and uses the cyber tactics and techniques laid out on MITRE’s ATT&CK Matrix. The ATT&CK Matrix is open source information developed by the government funded research company, MITRE. It is a post-compromise assessment tool, meaning that those that are using it are usually doing so after there has been a cyber attack to assess how they have been attacked. The Matrix provides information on over 200 types of cyber tactics and techniques. However, over the course of the semester we realized that the matrix is only useful if you have a background in cyber security. This becomes a problem because many people in policy and intelligence do not have cyber backgrounds. Therefore we had to think of a way to repackage the information so that it could provide a baseline knowledge for those that do not have that background.

In considering this issue along with information from our interviews, we designed our tool to include analogies for the highly technical terms on the ATT&CK Matrix. These analogies are accompanied by all sorts of information on the techniques, as well as case studies. The user has the ability to choose whether or not they will focus mainly on the case studies or the terms themselves. After picking which techniques to study, the user can move around terms and analogies for comparison, or the user can be matched with case studies that use the same kind of techniques for both a comparison and better understanding of potential impact. For example, they could look at BlackEnergy, a cyber attack that occurred in December of 2015 occurred in the Ukraine and targeted their power grid, impacting their critical infrastructure as well as their citizens. By seeing how BlackEnergy operated, which techniques it utilized, and what impact it had, they can compare it with what they are researching to see if there might be any similar implications.

Our team of five has brought various skillsets to the table due to our different academic backgrounds. With majors in Intelligence Analysis, Communications, Public Policy and Administration, and International Affairs, we all seemed to come in with different opinions about how to approach this problem. However, differing expertise allowed for a much more holistic problem solving approach as we all worked together to bolster strengths and overcome individual weaknesses. For example, as communication majors, Elliot and Luke had amazing insights on constructing narratives for analogies, as well as telling the story of our journey through our bi-weekly problem presentations in class. Alexa and Rachel were able to use their knowledge from Intelligence Analysis to provide a thorough understanding of our beneficiaries, as well as access to crucial contacts throughout the interview process. Kirsten acted as an important asset as she applied her amazing graphic design skills to develop countless mock ups of our idea and also set the bar well designed project websites. None of us could have completed this project without this unique combination of skills.