Date: 2025-01-16

MITRE released D3FEND 1.0, a cybersecurity ontology and knowledge base designed to establish a vocabulary and conceptualization of the cyber domain.

Funded by the National Security Agency, the Cyber Warfare Directorate in the U.S. Office of the Under Secretary of Defense for Acquisition and Sustainment, and the U.S. Office of the Under Secretary of Defense for Research and Engineering, D3FEND 1.0 provides a stable, extensible, and integration-friendly framework for cybersecurity operations and strategic decision-making.

First introduced as a beta-level release in June 2021, D3FEND has grown steadily over three years of consistent development and community contributions, tripling the size of its semantic graph since its initial release. Collaboration among experts across government and industry, from security architects to detection engineers, has shaped the large, use case-driven model that D3FEND is launching today.

“With D3FEND, we are leaning forward with the greater cybersecurity community,” said Wen Masters, vice president, cyber technologies, MITRE. “D3FEND 1.0 reflects the collective expertise and vision of a diverse cybersecurity community. It's more than just a tool—it's a pathway to smarter, more nuanced defensive strategies. Our goal is to ensure D3FEND is adaptable and valuable across a wide range of cybersecurity domains.”

“D3FEND is effectively a model for what cyber defenders are doing in their day-to-day activities, but it’s trying to establish a common language for those activities and the system components to which they apply,” said Peter Kaloroumakis, principal applied ontologist, MITRE. “Even though D3FEND focuses on technology, it’s really solving a human problem. Getting everyone on the same page with a common language and Rosetta Stone is essential for doing in-depth, strategic analysis on your investments and building secure systems.”

Key Features and Enhancements in D3FEND 1.0

Cyber Attack-Defense (CAD) Tool: CAD enables D3FEND users to put the full ontology into action for their specific cybersecurity scenarios. Users can drag, drop, and link nodes on the canvas. Then, users can right-click to explore and incorporate D3FEND’s inference and share their CAD graphs on the internet or private networks.

Expanded Defensive Techniques & Taxonomies: With ontology additions for identity and access control concepts, operational technology, and source code hardening, D3FEND 1.0 also includes ontological modeling and incorporation of the Common Weakness Enumeration (CWE™) to support vulnerability modeling use cases.

Ontological Precision & Extensibility: Built upon OWL 2 DL, the D3FEND 1.0 release includes an interface, D3FEND Core Classes, which enables alignment to major upper ontologies, ensuring compatibility for broader semantic applications.

Transparency in D3FEND Updates: With a new content-lifecycle strategy, D3FEND ensures seamless adaptation as it evolves, offering predictable updates for users and software developers.

“This milestone is not an end—it’s a beginning, and we are just getting started,” said Kaloroumakis. “We’re committed to ongoing engagement with the cybersecurity community to refine and expand the framework, ensuring it meets the demands of an increasingly sophisticated landscape.”

MITRE invites cyber engineers and other industry professionals to explore D3FEND 1.0, as participation in the community is integral to the continued success and utility of the ontology. With D3FEND, MITRE continues its legacy of delivering innovative solutions and open-source tools that push the boundaries of cybersecurity defense.