The MITRE Corp. has released a new knowledge base of tactics and techniques used by cyber adversaries when attacking industrial control systems (ICS), building on its existing ATT&CK resource used globally for various use cases such as detection, analytics, threat assessment, and understanding adversary capabilities.
ATT&CK for ICS, which is freely available, can be used by owners and operators of critical infrastructures that rely on ICS systems to defend their operations from cyber threats.
“Asset owners and defenders want deep knowledge of the tradecraft and technology that adversaries use in affecting industrial control systems to help inform their defenses,” Otis Alexander, a lead cyber security engineer focusing on ICS at MITRE, said in a statement. “Adversaries may try to interrupt critical service delivery by disrupting industrial processes. They may also try to cause physical damage to equipment. With MITRE ATT&CK for ICS, we can help mitigate the catastrophic failures that affect property or human life.”
MITRE on Tuesday said it launched ATT&CK for ICS after receiving input from more than 100 people from 39 private and public sector entities.
“The ATT&C framework has been instrumental for cyber defense teams in codifying a lexicon describing how cyber attacks are conducted as well as centralizing examples of research and threat intelligence reports regarding real-world use of attacker techniques,” Christopher Glyer, chief security architect at the cyber security firm FireEye [FEYE], said in a statement accompanying MITRE’s release. “The ICS ATT&CK framework creates a forum for establishing how ICS intrusions are unique/different from enterprise IT intrusions and will enable ICS operations and security teams to better protect these mission critical systems.”
MITRE highlighted several threats to ICS systems in the past few years including cyber attacks that impacted Ukraine’s power grid and attacks on pumping stations in Australia that spilled raw sewage.
Release of the threat database for ICS comes right as the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is warning stakeholders of potential cyber threats from Iran amid increased tensions with the U.S.
“Iran and its proxies and sympathizers have a history of leveraging cyber and physical tactics to pursue national interests, both regionally and here in the United States,” CISA said on Monday. These tactics include “Disruptive and destructive cyber operations against strategic targets, including finance, energy, and telecommunications organizations, and an increased interest in industrial control systems and operational technology.”