
What is MITRE ATT&CK for ICS and how is it transforming ICS cyber-security?

  • Micheal Alexander
  • Feb 15, 2024

Cyber threats have always gone hand-in-hand with increased technology usage; it’s an upsetting fact, but coming to terms with it opens up the possibility of handling the problem more effectively. In the early days of the internet, cyber security was essentially a private affair, with companies investing in anti-virus software and implementing firewalls. Over time, the threat grew, but more importantly, cyber criminals became a lot more adaptable and sophisticated. A non-unified approach to the growing problem meant that the criminals were always several steps ahead of cyber security measures. In the early 2010s, it was becoming clear that a new approach was needed, and as a result of MITRE’s Fort Meade Experiment, MITRE ATT&CK was born.


MITRE ATT&CK: Approaching an old problem in a new way


The MITRE ATT&CK Framework is a knowledge base for logging and searching all types of cyber threats. ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge, referring to the innovative approach MITRE took when looking for a real and workable solution to what had become an enormous problem.


The unique part of the MITRE threat matrix is the way in which categories are used: threats are listed according to tactics. The layout is somewhat like the periodic table, grouping categories with matching criteria together. This format makes it possible to see the ways in which criminals are working and how they are developing breach strategies, giving corporations a much better chance to defend their systems.


The second half of the 2010s saw a huge increase in the number of attacks on industrial systems due to IT/OT convergence, leading to a corresponding increase in the number of reports in the MITRE ATT&CK matrix. The problem was that despite the overlap, there is still a big difference between traditional IT systems and industrial systems.


The vocabulary and designations are not always the same, and the approaches being used by cyber criminals are also very different. This led to the creation of the MITRE ATT&CK for ICS matrix in January 2020, which provides a matrix specific to the needs of the ICS threat landscape.


12 Categories of Industrial Breach Tactics


The innovative approach used in the original MITRE ATT&CK, which took the emphasis off the malware itself and placed it on the ways in which criminals interact with networks and their underlying motivations, really comes into its own with the MITRE ATT&CK for ICS matrix. The ICS focus allowed cyber security experts to gain unprecedented insight into the ways in which threats are being developed, and enabled a more accurate ICS security risk assessment.


 
 
 


©2019 by Micheal Alexander. Proudly created with Wix.com
