Cyber IT Supervisory Forum eBook

Internal Use Only

Advanced Cyber Actors: What Should You Do?

 You must be on your A-game and actively “hunting” on your own network ‒ Leverage guidance being published by CISA and industry  CISA Advisories  Industry reports and best practices  Volt Typhoon ATT&CK profiles: https://attack.mitre.org/groups/G1017/  Focus on resiliency techniques to ensure that you can keep operating even if destructive attacks are attempted [17] ‒ Free resource from MITRE: CREF Navigator (mitre.org)

19

© 2024 THE MITRE CORPORATION. ALL RIGHTS RESERVED. APPROVED FOR PUBLIC RELEASE. DISTRIBUTION UNLIMITED 23-01698-01.

Internal Use Only

Quantum Computing (QC) and Post-Quantum Crypto (PQC)

Risks (motivation)  What is a quantum computer and why do they pose a risk?

Decisions (Pros and Cons)  Do nothing  Strengthen current crypto  Move to PQC

Suggested actions

Resources

20

© 2024 THE MITRE CORPORATION. ALL RIGHTS RESERVED. APPROVED FOR PUBLIC RELEASE. DISTRIBUTION UNLIMITED 23-01698-01.