An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

News | Oct. 23, 2023

Cybersecurity Speaker Series: D3FEND

FORT MEADE, Md. – The National Security Agency (NSA)’s Cybersecurity Collaboration Center (CCC) has released the latest installment in its Cybersecurity Speaker Series, focused on the D3FEND framework for cybersecurity.

Host Bailey Bickley, Chief of DIB Defense at the CCC, sat down with NSA’s Technical Advisor for Cybersecurity Publications, Eric Chudow, and MITRE’s D3FEND Lead, Peter Kaloroumakis. They discussed the development, release, and adoption of D3FEND and how it can serve as a guide for architecting, designing, and defending networks.

NSA funded the development of the D3FEND framework, which launched in 2021, to provide an open model with standardized vocabulary for employing techniques to counter malicious cyber activity, which is critical to cybersecurity collaboration.

“D3FEND is a model for what cyber defenders are doing in their day-to-day activities, [and tries] to establish a language for those activities” said Kaloroumakis. “Though D3FEND primarily focuses on technology, it is really solving a human problem; getting everyone on the same page with a common language is essential for doing good analysis on your investments and building secure systems. D3FEND can have significant impacts because you can do all these secondary activities which are going to be higher fidelity, higher accuracy in how you communicate with other people about cyber defensive technology.”

MITRE D3FEND complements MITRE ATT&CK, which describes how different malicious cyber threat actors get into the network and spread around the networks. D3FEND enables network defenders to pivot and protect, detect, respond, and recover from those adversarial techniques. Woven through the framework is clear communication, as D3FEND continues to build common language to ensure network architects, and even the C-suite, are using the same terms and actually meaning the same thing.

 “Our missions here at NSA are to defend National Security Systems and Department of Defense networks, and to help support the Defense Industrial Base,” said Chudow. “Just telling them how different threat actors are going to get into those networks is not enough. That is only one part. The other piece is what are the techniques to defend – protect, detect, respond, and recover – from those adversarial techniques, and that is where D3FEND came in to ensure we are speaking the same language.”

“Nuances matter in cyber, so having that consistent lexicon really is valuable,” said Bickley.

“We are excited about the future of D3FEND, because with a good foundation, we can do really interesting things on top of it and build applications using the core components of D3FEND,” said Kaloroumakis. “[It’s] exciting from a research and development perspective.”

If you have what it takes to join NSA’s team, visit Ready to apply? Go to

View the latest Speaker Series below, along with the complete series on YouTube. Follow us on Twitter @NSACyber and on the CCC LinkedIn showcase page to track future releases.