MISP / misp-galaxy

Clusters and elements to attach to MISP events or attributes (like threat actors)
https://misp-galaxy.org/

MITRE FIGHT galaxy/matrix #986

Open cvandeplas opened 3 weeks ago

cvandeplas commented 3 weeks ago

https://fight.mitre.org/

FiGHT™ (5G Hierarchy of Threats) is a knowledge base of adversary Tactics and Techniques for 5G systems. FiGHT consists of three types of Techniques: theoretical, proof of concept (PoC), and observed. The theoretical and PoC constitute the bulk of the framework and are based upon academic research and other publicly available documents. Currently, a minority of FiGHT Techniques are based upon real-world observations, documented accordingly. Each FiGHT Technique is labelled as theoretical, PoC, or observed.

FiGHT serves as a foundation to 5G security research and can be operationalized in various ways, such as to conduct threat assessments, enable adversarial emulation, identify coverage gaps, and inform cyber investment planning. As 5G continues to expand and intersects with technologies globally, adversaries will leverage the increased attack surface to exploit and disrupt the use of 5G. MITRE hopes that through the use of FiGHT, 5G stakeholders can work together to ensure a secure and resilient 5G ecosystem.

FiGHT is modeled after the MITRE ATT&CK® framework, and its tactics and techniques are complementary to those in ATT&CK. MITRE invites contributions and feedback from interested communities of telecommunication providers, manufacturers, and cyber security researchers to help continuously improve the FiGHT Framework.

cvandeplas commented 2 weeks ago

The FiGHT™ website is generated by custom MITRE software that consumes a YAML file to produce static HTML. The YAML file is being made available to enable users and contributors to automate how they interact with the FiGHT™ threat model.

We plan to eventually release the custom MITRE software to the public, in addition to a STIX-formatted JSON file that is compliant with how ATT&CK is documented in STIX.

View our current YAML file here.

cvandeplas commented 2 weeks ago

Duplicate entries, contacted MITRE FiGHT team to ask for guidance:

  2 x Diameter signaling - FGT5012.008, FGT5019.005
  2 x Endpoint Denial of Service - FGT1642, FGT1499
  2 x Network Interfaces - FGT5009.002, FGT1600.502
  4 x Radio interface / Radio Interface - FGT1600.501, FGT1040.501, FGT1557.501, FGT5009.001
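
An added example, not part of the issue thread or of the misp-galaxy tooling: one way to detect the name collisions listed above before generating a galaxy, matching names case-insensitively so that "Radio interface" and "Radio Interface" land in the same group. The record field names `id` and `name`, the `FGT0000` entry, and the "Name - ID" disambiguation in `cluster_values` are assumptions for illustration, not the FiGHT YAML schema or a decision taken in this thread.

```python
from collections import defaultdict

# Constructed sample: IDs and names come from the duplicate list above.
# Which "Radio" ID carries which casing is constructed, as is FGT0000.
TECHNIQUES = [
    {"id": "FGT5012.008", "name": "Diameter signaling"},
    {"id": "FGT5019.005", "name": "Diameter signaling"},
    {"id": "FGT1642", "name": "Endpoint Denial of Service"},
    {"id": "FGT1499", "name": "Endpoint Denial of Service"},
    {"id": "FGT5009.002", "name": "Network Interfaces"},
    {"id": "FGT1600.502", "name": "Network Interfaces"},
    {"id": "FGT1600.501", "name": "Radio interface"},
    {"id": "FGT1040.501", "name": "Radio Interface"},
    {"id": "FGT1557.501", "name": "Radio interface"},
    {"id": "FGT5009.001", "name": "Radio Interface"},
    {"id": "FGT0000", "name": "Constructed unique technique"},
]


def normalise(name):
    """Collapse whitespace and case so near-identical names compare equal."""
    return " ".join(name.split()).casefold()


def find_name_collisions(techniques):
    """Return {normalised name: sorted IDs} for names used by more than one ID."""
    groups = defaultdict(list)
    for tech in techniques:
        groups[normalise(tech["name"])].append(tech["id"])
    return {name: sorted(ids) for name, ids in groups.items() if len(ids) > 1}


def cluster_values(techniques):
    """Map each ID to a unique display value; colliding names get ' - <ID>' appended."""
    colliding = find_name_collisions(techniques)
    values = {}
    for tech in techniques:
        name = " ".join(tech["name"].split())
        if normalise(name) in colliding:
            name = f"{name} - {tech['id']}"  # hypothetical disambiguation scheme
        values[tech["id"]] = name
    return values


if __name__ == "__main__":
    for name, ids in sorted(find_name_collisions(TECHNIQUES).items()):
        print(f"{len(ids)} x {name}: {', '.join(ids)}")
```
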