You are here

MITRE Releases ATT&CKTM for ICS as Common Lexicon for Industrial Cyber Defense Strategy

MITRE Releases ATT&CKTM for ICS as Common Lexicon for Industrial Cyber Defense Strategy

Created: Thursday, January 9, 2020 - 13:53
Categories:
Cyber Security, Resilience

The MITRE Corporation, publisher of the widely revered ATT&CKTM Framework, has just released a new knowledge base, ATT&CKTM for Industrial Control Systems. Developed in collaboration with experts from ICS cybersecurity firm Dragos, ATT&CKTM for ICS categorizes public behaviors of malicious activity targeting critical OT infrastructure. ATT&CKTM for ICS was created to provide a common view and lexicon for ICS threat behavior mapping so defenders can better validate or develop their defenses. ATT&CKTM for ICS differs from its ATT&CKTM for Enterprise counterpart, in that it is based on adversary goals specific to ICS, such as disrupting an industrial control process, destroying property or causing temporary or permanent harm or death to humans. Additional ICS-specific considerations have also incorporated the Purdue Model and OT network assets. This new knowledge base identifies unique ICS-based tactics, such as inhibit response functions and impair process control. The ICS-specific tactics are further refined to discuss over eighty behavioral techniques, including alarm suppression and modify control logic. Read more about the new ATT&CKTM for ICS Overview at MITRE and Dragos.