Pierluigi Paganini January 08, 2020

MITRE announced the initial release of a version of its MITRE ATT&CK knowledge base that focuses on industrial control systems (ICS).

MITRE’s ATT&CK framework is becoming a standard in cybersecurity community for the classification of attacker behavior. Now the organization is going to propose a knowledge base that focused on ICS systems for its MITRE’s ATT&CK.

“ATT&CK™ for ICS is a knowledge base useful for describing the actions an adversary may take while operating within an ICS network. The knowledge base can be used to better characterize and describe post-compromise adversary behavior.” reads the official page set up by MITRE.

“The MITRE ATT&CK for ICS Matrix™ is an overview of the tactics and techniques described in the ATT&CK for ICS knowledge base. It visually aligns individual techniques under the tactics in which they can be applied. Some techniques span more than one tactic because they can be used for different purposes.”

The MITRE ATT&CK for ICS was built with the intent to help critical infrastructure and other organizations that use ICS to assessing cyber risks.

Over 100 individuals representing 39 organizations have contributed to the ATT&CK for ICS.

The core of the MITRE ATT&CK for ICS it the matrix that provides an overview of the TTPs associated with threat actors that have carried out attacks against ICS systems.

The knowledge base for ICS attacks includes an Assets category that could be used by organizations to better classify the type of threats that could impact the resources in their environment.

The knowledge base currently includes 10 threat actors, 81 attack techniques, 17 families of malware, and 7 types of assets.

The knowledge base is essential for the development of effective threat intelligence and incident response activities.

“Asset owners and defenders want deep knowledge of the tradecraft and technology that adversaries use in affecting industrial control systems to help inform their defenses,” explained Otis Alexander, a lead cybersecurity engineer focusing on ICS security at MITRE. “Adversaries may try to interrupt critical service delivery by disrupting industrial processes. They may also try to cause physical damage to equipment. With MITRE ATT&CK for ICS, we can help mitigate the catastrophic failures that affect property or human life.”

“[ATT&CK for ICS] is a huge win for the front-line ICS network defenders who now have a common lexicon for categorizing ICS specific techniques to support reporting and further analysis.” said Austin Scott, principal ICS security analyst at Dragos, commenting on the knowledge base.

Pierluigi Paganini

(SecurityAffairs – MITRE’s ATT&CK framework, ICS)

[adrotate banner=”5″]

[adrotate banner=”13″]