Leverage ATT&CK for ICS to Secure Industrial Control Systems

Not too many of us have directly experienced the unavailability of a critical service or infrastructure (e.g., power outages, unavailability of hospital data, etc.), but we as a security community have seen an explosive growth of cyberattacks targeting operational technology (OT) environments recently. The IBM X-Force Threat Intelligence Index 2020 found that OT attacks increased by 2,000 percent last year compared to 2018, and this trend is expected to continue in the coming years.


In security operations centers (SOCs), we have already realized the value that MITRE ATT&CK provides through its encyclopedia of mapped tactics, techniques and procedures (TTPs) based on real-world observations of adversaries. The knowledge base enables security teams to link adversarial TTPs when conducting a gap analysis and threat modeling.


Why Was ATT&CK for ICS Created?


OT and industrial control systems (ICS) technologies operate differently from traditional IT systems. Likewise, attackers follow TTPs specific to the OT domain and the targeted industry. Most ICS environments combine IT systems, controllers, supervisory control and data acquisition (SCADA) systems and human-machine interfaces (HMIs) that connect to industrial equipment over specialized protocols.


Therefore, adversary goals are unique in these situations — human safety could be endangered when these systems and processes are not controlled properly. This has created an interest among OT security teams around the globe to have a standardized view and knowledge of TTPs related to ICS, which could help clarify questions such as:


What are the common at ..