MITRE Releases ATT&CKTM for ICS as Common Lexicon for Industrial Cyber Defense Strategy

The MITRE Corporation, publisher of the widely revered ATT&CK^TM Framework, has just released a new knowledge base, ATT&CK^TM for Industrial Control Systems. Developed in collaboration with experts from ICS cybersecurity firm Dragos, ATT&CK^TM for ICS categorizes public behaviors of malicious activity targeting critical OT infrastructure. ATT&CK^TM for ICS was created to provide a common view and lexicon for ICS threat behavior mapping so defenders can better validate or develop their defenses. ATT&CK^TM for ICS differs from its ATT&CK^TM for Enterprise counterpart, in that it is based on adversary goals specific to ICS, such as disrupting an industrial control process, destroying property or causing temporary or permanent harm or death to humans. Additional ICS-specific considerations have also incorporated the Purdue Model and OT network assets. This new knowledge base identifies unique ICS-based tactics, such as inhibit response functions and impair process control. The ICS-specific tactics are further refined to discuss over eighty behavioral techniques, including alarm suppression and modify control logic. Read more about the new ATT&CK^TM for ICS Overview at MITRE and Dragos.