Introducing the New MITRE ATT&CK Framework for Industrial Control Systems


On January 7th, MITRE released ATT&CK for Industrial Control Systems, a taxonomy of real-world cyber adversarial behavior targeting ICS or industrial control systems. These systems operate critical infrastructure in manufacturing and utility industries, and they are popular targets in financial and espionage motivated attacks.

Recent high-profile attacks on industrial control systems include the 2015 attack on the Ukranian power grid and the 2017 NotPetya campaign. The former is considered to be the first known successful cyberattack on a power grid, and the latter, a ransomware variant, targeted Ukranian energy companies, power grid, transportation systems, and banks before spreading globally with total damages estimated at more than $10 billion.

Read more…