We welcome your feedback about MITRE Engage v0.9 Beta: Email us at engage@mitre.org

Affect

Negatively impact the adversaries operations.

Affect is ultimately about changing the cost-value proposition in cyber operations for the adversary. The defender may want to increase the adversary’s cost to operate or drive down the value they derive from their operations. For example, the defender can negatively impact the adversary’s on-network operations to drive up the resource cost of doing operations by slowing down or selectively resetting connections to impact exfiltration. This type of activity increases the adversary’s time on target and wastes their resources. To drive down the value of stolen data, a defender could provide an adversary deliberately conflicting information. Providing such information requires an adversary to either choose to believe one piece of data over another, disregard both, collect more data, or continue with uncertainty.

All these options increase operational costs and decrease the value of collected data. Engage defines three approaches to make progress towards the Affect goal.

  • Prevent, focuses on setting up mitigations that stop some portion of an adversary’s operation’s from even starting.
  • Direct, attempts to maneuver an adversary into a better position for the defender.
  • Disrupt, seeks to cause problems in an adversary’s operations.

Details
ID: EGO0002
Type:  Engagement 

Approaches

Approach NameDescriptionID
Prevention Stop all or part of the adversary's ability to conduct their operation as intended. EAP0003
Direction Encourage or discourage the adversary from conducting their operation as intended. EAP0004
Disruption Impair an adversary's ability to conduct their operation as intended. EAP0005