“MITRE released the Cyber Resiliency Engineering Framework (CREF) Navigator™—a free, visualization tool that allows organizations to customize their cyber resiliency goals, objectives, and techniques, as aligned with NIST SP 800-160, Volume 2 (Rev. 1), National Institute of Standards and Technology’s (NIST) publication on developing cyber-resilient systems. “Resiliency is the ultimate goal of cybersecurity,” said Wen Masters, vice president, cyber technologies, MITRE. “Information and communications systems and those who depend on them must be resilient in the face of persistent, stealthy, and sophisticated cyber-attacks. While resilience is sometimes described as an emergent property, resilience in the face of cyber threats must be engineered.” As with many of MITRE’s resources for cyber defenders that are developed in the public interest, the CREF Navigator is freely available to the greater cyber community. “We’ve taken the original cyber resiliency framework we created with NIST and now made it searchable and visualized,” said Shane Steiger, principal cybersecurity engineer, MITRE. “This relational database enables engineers to make educated and informed choices while designing resilient cyber solutions.” The principles of the CREF framework follow four guiding pillars:

• Anticipate: maintain a state of informed preparedness in order to forestall compromises of mission/business functions from adversary attacks,
• Withstand: continue essential mission/business functions despite successful execution of an attack by an adversary,
• Recover: restore mission/business functions to the maximum extent possible after successful execution of an attack by an adversary, and
• Adapt: change mission/business functions and/or the supporting cyber capabilities so as to minimize adverse impacts from actual or predicted adversary attacks…”