©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
What’s New with ATT&CK® for ICS?
Otis Alexander
https://attack.mitre.org/ics
@ojalexander
ATT&CK for ICS Mitigations
https://collaborate.mitre.org/attackics/index.php/Mitigations
• M0800-M0816 are new to ATT&CK for ICS
• Each mitigation has mappings to IEC 62443 and NIST SP 800-53
• Mitigations target the following stakeholders:
  • Asset owner/operators
  • Integrators
  • Device vendors
  • Security vendors
• There is a significant focus on protecting operational and management interfaces of embedded controllers
STIX and Navigator Integration
• As part of ATT&CK v8, we released ATT&CK for ICS in STIX
  https://github.com/mitre/cti/tree/master/ics-attack
• A new version of ATT&CK Navigator was released as well, where you can pick the ICS domain
  https://mitre-attack.github.io/attack-navigator/
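The STIX release and the Navigator's ICS domain fit together naturally: the bundle carries mitigations (course-of-action objects) linked to techniques by "mitigates" relationships, and a Navigator layer can highlight the techniques one mitigation covers. The script below is an added example, not code from the deck or from the mitre/cti project; it runs on a constructed miniature bundle (placeholder names, ids and URLs, invented mappings), and it assumes that ATT&CK ids sit under a source_name beginning with "mitre" and that the Navigator layer uses the format 4.x field names shown.

```python
"""List mitigation-to-technique coverage from an ATT&CK for ICS STIX bundle
and emit an ATT&CK Navigator layer for the ics-attack domain."""
import json


def _ref(external_id):
    # Assumption: ATT&CK ids are carried under a "mitre..." source_name.
    return {"source_name": "mitre-attack", "external_id": external_id,
            "url": f"https://example.invalid/{external_id}"}  # placeholder URL


def _obj(stix_type, n, external_id, name, **flags):
    """Constructed STIX object in the shape of the cti ics-attack data."""
    o = {"type": stix_type,
         "id": f"{stix_type}--00000000-0000-4000-8000-{n:012d}",
         "name": name, "x_mitre_domains": ["ics-attack"],
         "external_references": [_ref(external_id)]}
    o.update(flags)  # e.g. revoked=True or x_mitre_deprecated=True
    return o


def _rel(src, dst, n, kind="mitigates"):
    return {"type": "relationship",
            "id": f"relationship--00000000-0000-4000-8000-{n:012d}",
            "relationship_type": kind,
            "source_ref": src["id"], "target_ref": dst["id"]}


# Constructed sample bundle: ids follow the ATT&CK for ICS numbering pattern,
# but the names and the mitigation/technique pairings are invented.
M0800 = _obj("course-of-action", 1, "M0800", "Placeholder Mitigation One")
M0801 = _obj("course-of-action", 2, "M0801", "Placeholder Mitigation Two")
M0899 = _obj("course-of-action", 3, "M0899", "Deprecated Mitigation",
             x_mitre_deprecated=True)
T0800 = _obj("attack-pattern", 4, "T0800", "Placeholder Technique One")
T0801 = _obj("attack-pattern", 5, "T0801", "Placeholder Technique Two")
T0899 = _obj("attack-pattern", 6, "T0899", "Revoked Technique", revoked=True)
SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "objects": [M0800, M0801, M0899, T0800, T0801, T0899,
                _rel(M0800, T0800, 7), _rel(M0800, T0801, 8),
                _rel(M0801, T0801, 9), _rel(M0801, T0899, 10),
                _rel(M0899, T0800, 11)],
}


def load_bundle(path):
    """Load a real bundle, e.g. the JSON file in the ics-attack directory."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def _attack_id(obj):
    """Return the ATT&CK external id (M08xx / T08xx) of an object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name", "").startswith("mitre") and "external_id" in ref:
            return ref["external_id"]
    return None


def _is_live(obj):
    """Revoked and deprecated objects stay in the bundle; skip them."""
    return not obj.get("revoked", False) and not obj.get("x_mitre_deprecated", False)


def mitigation_coverage(bundle):
    """Map each live mitigation id to the sorted ids of techniques it mitigates."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    coverage = {}
    for o in bundle["objects"]:
        if o["type"] == "course-of-action" and _is_live(o) and _attack_id(o):
            coverage.setdefault(_attack_id(o), set())
    for rel in bundle["objects"]:
        if rel["type"] != "relationship" or rel.get("relationship_type") != "mitigates":
            continue
        src, dst = by_id.get(rel["source_ref"]), by_id.get(rel["target_ref"])
        if not (src and dst and _is_live(src) and _is_live(dst)):
            continue  # dangling reference or a revoked/deprecated endpoint
        if src["type"] != "course-of-action" or dst["type"] != "attack-pattern":
            continue
        mid, tid = _attack_id(src), _attack_id(dst)
        if mid and tid:
            coverage.setdefault(mid, set()).add(tid)
    return {m: sorted(t) for m, t in coverage.items()}


def navigator_layer(bundle, mitigation_id, layer_name=None):
    """Navigator layer (format 4.x field names assumed) highlighting every
    ics-attack technique covered by one mitigation."""
    techniques = mitigation_coverage(bundle).get(mitigation_id)
    if techniques is None:
        raise KeyError(f"no live mitigation {mitigation_id} in bundle")
    return {
        "name": layer_name or f"{mitigation_id} coverage",
        "versions": {"attack": "8", "navigator": "4.0", "layer": "4.0"},
        "domain": "ics-attack",
        "description": f"Techniques mitigated by {mitigation_id}",
        "techniques": [{"techniqueID": t, "score": 1,
                        "comment": f"mitigated by {mitigation_id}"}
                       for t in techniques],
    }


if __name__ == "__main__":
    print(json.dumps(mitigation_coverage(SAMPLE_BUNDLE), indent=2))
    print(json.dumps(navigator_layer(SAMPLE_BUNDLE, "M0800"), indent=2))
```

Writing the returned layer to a .json file and opening it in the Navigator with the ICS domain selected shows the covered techniques shaded on the matrix.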
What’s on the Horizon?
Updates to Data Sources
• Maintaining visibility into ICS networks is essential for quickly detecting and remediating cyber threats.
• Understanding the various data sources that are available in ICS networks is key to this endeavor. Network traffic is a popular source of data in ICS networks, but there are other valuable sources of data that are often overlooked:
  • Embedded device logs
  • Application logs
  • Operational databases
Data Sources
Configuration
  • Firmware version
  • System settings
  • Control logic
  • Parameters
Performance and Statistics
  • CPU, memory, disk, ethernet, etc.
  • Network connection information
Process Information
  • I/O values associated with tags
  • Alarms and faults (e.g., digital fault recorder)
  • Events (e.g., command execution)
  • Process quality (e.g., phasor measurement unit)
Asset Management
  • Condition-based monitoring
  • Predictive maintenance
  • Work order system
Physical
  • Physical sensors (e.g., tamper detection)
ICS Attacks Mapped to Enterprise
• We’re currently working on mapping the following ICS attacks:
  • Stuxnet
  • Ukraine 2015
  • Industroyer
  • Triton
• Adversaries do not respect theoretical boundaries (i.e., IT/ICS), so it is important to have a deep understanding of how IT platforms are leveraged to access and impact ICS.
We Need Your Help!
• How can we improve ATT&CK for ICS?
• How are you currently using mitigations?
• Do you have any opinions on our data source focus?
attack@mitre.org
@MITREattack
Otis Alexander
@ojalexander

 
PPT Item # 5-6 218 Canyon Drive replat prop.
PPT Item # 5-6 218 Canyon Drive replat prop.PPT Item # 5-6 218 Canyon Drive replat prop.
PPT Item # 5-6 218 Canyon Drive replat prop.ahcitycouncil
 
World Happiness Report 2024- Full Report
World Happiness Report 2024- Full ReportWorld Happiness Report 2024- Full Report
World Happiness Report 2024- Full ReportEnergy for One World
 

Último (20)

For World Water Day 2024, we promote the vital link between water and peace.
For World Water Day 2024, we promote the vital link between water and peace.For World Water Day 2024, we promote the vital link between water and peace.
For World Water Day 2024, we promote the vital link between water and peace.
 
Item # 5&6 - 218 Canyon Drive replat prop.
Item # 5&6 - 218 Canyon Drive replat prop.Item # 5&6 - 218 Canyon Drive replat prop.
Item # 5&6 - 218 Canyon Drive replat prop.
 
National Women's Month Celebration for PENRO Quezon
National Women's Month Celebration for PENRO QuezonNational Women's Month Celebration for PENRO Quezon
National Women's Month Celebration for PENRO Quezon
 
2024: The FAR, Federal Acquisition Regulations - Part 16
2024: The FAR, Federal Acquisition Regulations - Part 162024: The FAR, Federal Acquisition Regulations - Part 16
2024: The FAR, Federal Acquisition Regulations - Part 16
 
Parents can give charity ideas for kids.
Parents can give charity ideas for kids.Parents can give charity ideas for kids.
Parents can give charity ideas for kids.
 
Sensitivity Training for 2023 BSKE.pptx
Sensitivity Training for  2023 BSKE.pptxSensitivity Training for  2023 BSKE.pptx
Sensitivity Training for 2023 BSKE.pptx
 
Parents give a charity ideas for children
Parents give a charity ideas for childrenParents give a charity ideas for children
Parents give a charity ideas for children
 
How to Save a Place: Become an Advocate.
How to Save a Place: Become an Advocate.How to Save a Place: Become an Advocate.
How to Save a Place: Become an Advocate.
 
Leveraging Water for Peace - World Water Day 2024
Leveraging Water for Peace - World Water Day 2024Leveraging Water for Peace - World Water Day 2024
Leveraging Water for Peace - World Water Day 2024
 
PPT Item # 2 -- Announcements Powerpoint
PPT Item # 2 -- Announcements PowerpointPPT Item # 2 -- Announcements Powerpoint
PPT Item # 2 -- Announcements Powerpoint
 
Best charity ideas parents give their children’s
Best charity ideas parents give their children’sBest charity ideas parents give their children’s
Best charity ideas parents give their children’s
 
Item # 4 - Appointment of new PW Director
Item # 4 - Appointment of new PW DirectorItem # 4 - Appointment of new PW Director
Item # 4 - Appointment of new PW Director
 
CBO’s Work on Health Care and a Call for New Research
CBO’s Work on Health Care and a Call for New ResearchCBO’s Work on Health Care and a Call for New Research
CBO’s Work on Health Care and a Call for New Research
 
Living life to the full: How can we make our longer lives healthier, happier ...
Living life to the full: How can we make our longer lives healthier, happier ...Living life to the full: How can we make our longer lives healthier, happier ...
Living life to the full: How can we make our longer lives healthier, happier ...
 
What Teenagers Have to Say about the Grandparents
What Teenagers Have to Say about the GrandparentsWhat Teenagers Have to Say about the Grandparents
What Teenagers Have to Say about the Grandparents
 
My Burning Issue: "War in Ukraine" Cycle 54
My Burning Issue: "War in Ukraine" Cycle 54My Burning Issue: "War in Ukraine" Cycle 54
My Burning Issue: "War in Ukraine" Cycle 54
 
Managing Planning and Development of Citie- 26-2-24.docx
Managing Planning and  Development of  Citie-  26-2-24.docxManaging Planning and  Development of  Citie-  26-2-24.docx
Managing Planning and Development of Citie- 26-2-24.docx
 
O Conselho Estadual de Cultura e o Incentivo à Cultura no RS: relato de expe...
O Conselho Estadual de Cultura e o Incentivo à Cultura no RS:  relato de expe...O Conselho Estadual de Cultura e o Incentivo à Cultura no RS:  relato de expe...
O Conselho Estadual de Cultura e o Incentivo à Cultura no RS: relato de expe...
 
PPT Item # 5-6 218 Canyon Drive replat prop.
PPT Item # 5-6 218 Canyon Drive replat prop.PPT Item # 5-6 218 Canyon Drive replat prop.
PPT Item # 5-6 218 Canyon Drive replat prop.
 
World Happiness Report 2024- Full Report
World Happiness Report 2024- Full ReportWorld Happiness Report 2024- Full Report
World Happiness Report 2024- Full Report
 

What's New with ATT&CK for ICS? (slide transcript)

1. What’s New with ATT&CK® for ICS?
Otis Alexander
https://attack.mitre.org/ics
@ojalexander
©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
4. ATT&CK for ICS Mitigations
https://collaborate.mitre.org/attackics/index.php/Mitigations
• M0800-M0816 are new to ATT&CK for ICS
• Each mitigation has mappings to IEC 62443 and NIST SP 800-53
• Mitigations target the following stakeholders:
  • Asset owner/operators
  • Integrators
  • Device vendors
  • Security vendors
• There is a significant focus on protecting operational and management interfaces of embedded controllers
5. STIX and Navigator Integration
• As part of ATT&CK v8, we released ATT&CK for ICS in STIX
https://github.com/mitre/cti/tree/master/ics-attack
• A new version of ATT&CK Navigator was released as well where you can pick the ICS domain
https://mitre-attack.github.io/attack-navigator/
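The STIX release makes the mitigations from the previous slide machine-readable: each mitigation is a `course-of-action` object linked to techniques by `mitigates` relationships. The following script is an added example (not MITRE's code and not part of the presentation) that joins those objects and writes an ATT&CK Navigator layer scoring every technique by how many mitigations map to it, which is a quick way to see where the ICS matrix still has no mapped mitigation. The bundle embedded in it is constructed: its ids, names and T/M external_ids are placeholders, and the `mitre-ics-attack` source name and the `4.1` layer-format version are assumptions to check against the mitre/cti data and the Navigator release you use.

```python
"""Added example (not MITRE's code): join ATT&CK STIX 2.0 objects so that each
technique is paired with the mitigations that map to it, then emit an ATT&CK
Navigator layer scored by mitigation count. Run it against the real data by
loading the bundle from the mitre/cti 'ics-attack' directory instead of the
CONSTRUCTED sample below, whose ids, names and external_ids are placeholders."""
import json

# ATT&CK for ICS objects carry their T/M ids under this source_name in the
# mitre/cti repository (assumption; Enterprise uses "mitre-attack").
ATTACK_SOURCE = "mitre-ics-attack"


def _ap(uid, name, ext_id, **extra):
    obj = {"type": "attack-pattern", "id": f"attack-pattern--{uid}", "name": name,
           "external_references": [{"source_name": ATTACK_SOURCE, "external_id": ext_id}]}
    obj.update(extra)
    return obj


def _coa(uid, name, ext_id):
    return {"type": "course-of-action", "id": f"course-of-action--{uid}", "name": name,
            "external_references": [{"source_name": ATTACK_SOURCE, "external_id": ext_id}]}


def _rel(uid, src, tgt, **extra):
    obj = {"type": "relationship", "id": f"relationship--{uid}",
           "relationship_type": "mitigates", "source_ref": src, "target_ref": tgt}
    obj.update(extra)
    return obj


U = "00000000-0000-4000-8000-0000000000"  # placeholder UUID prefix, constructed
SAMPLE_BUNDLE = {
    "type": "bundle", "id": f"bundle--{U}00", "spec_version": "2.0",
    "objects": [
        _ap(U + "a1", "Placeholder Technique A", "T0000"),
        _ap(U + "a2", "Placeholder Technique B", "T0001"),
        _ap(U + "a3", "Placeholder Technique C", "T0002"),               # nothing mitigates it
        _ap(U + "a4", "Placeholder Technique D", "T0003", revoked=True),  # must be ignored
        _coa(U + "b1", "Placeholder Mitigation 1", "M0000"),
        _coa(U + "b2", "Placeholder Mitigation 2", "M0001"),
        _rel(U + "c1", f"course-of-action--{U}b1", f"attack-pattern--{U}a1"),
        _rel(U + "c2", f"course-of-action--{U}b2", f"attack-pattern--{U}a1"),
        _rel(U + "c3", f"course-of-action--{U}b1", f"attack-pattern--{U}a2"),
        _rel(U + "c4", f"course-of-action--{U}b1", f"attack-pattern--{U}a4"),  # revoked target
        _rel(U + "c5", f"course-of-action--{U}b2", f"attack-pattern--{U}a2",
             x_mitre_deprecated=True),                                    # deprecated link
    ],
}


def attack_id(obj, source_name=ATTACK_SOURCE):
    """Return the T/M id recorded in the object's external references, if any."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == source_name:
            return ref.get("external_id")
    return None


def live_objects(bundle):
    """Index objects by STIX id, dropping revoked and deprecated ones: the real
    bundles keep them for history, and counting them would inflate coverage."""
    return {o["id"]: o for o in bundle["objects"]
            if not (o.get("revoked") or o.get("x_mitre_deprecated"))}


def mitigations_by_technique(bundle):
    """Map each live technique id to the sorted list of mitigation ids mapped to it."""
    objs = live_objects(bundle)
    coverage = {attack_id(o): set() for o in objs.values()
                if o["type"] == "attack-pattern" and attack_id(o)}
    for rel in objs.values():
        if rel["type"] != "relationship" or rel.get("relationship_type") != "mitigates":
            continue
        src, tgt = objs.get(rel["source_ref"]), objs.get(rel["target_ref"])
        if not src or not tgt or src["type"] != "course-of-action":
            continue
        mid, tid = attack_id(src), attack_id(tgt)
        if mid and tid in coverage:
            coverage[tid].add(mid)
    return {tid: sorted(mids) for tid, mids in coverage.items()}


def build_layer(bundle, name="ICS mitigation coverage", domain="ics-attack"):
    """Build a Navigator layer dict; score = number of mapped mitigations."""
    coverage = mitigations_by_technique(bundle)
    top = max((len(m) for m in coverage.values()), default=0)
    return {
        "name": name,
        "domain": domain,               # Navigator domain selector for ATT&CK for ICS
        "versions": {"layer": "4.1"},   # layer-format version is an assumption
        "description": "techniques scored by number of mapped mitigations",
        "gradient": {"colors": ["#ffffff", "#3182bd"], "minValue": 0, "maxValue": max(top, 1)},
        "techniques": [{"techniqueID": tid, "score": len(mids),
                        "comment": ", ".join(mids) or "no mitigation mapped"}
                       for tid, mids in sorted(coverage.items())],
    }


if __name__ == "__main__":
    print(json.dumps(build_layer(SAMPLE_BUNDLE), indent=2))
```

Save the printed JSON and open it with the Navigator's layer upload, with the ICS domain selected, to see zero-score techniques stand out. The revoked/deprecated filter matters on the real bundle: those objects stay in the data for history, and skipping that check reports mitigations for techniques that no longer exist.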
6. What’s on the Horizon?
7. Updates to Data Sources
• Maintaining visibility into ICS networks is essential for quickly detecting and remediating cyber threats.
• Understanding the various data sources that are available in ICS networks is key to this endeavor. Network traffic is a popular source of data in ICS networks, but there are other valuable sources that are often overlooked:
  • Embedded device logs
  • Application logs
  • Operational databases
8. Data Sources
Configuration
• Firmware version
• System settings
• Control logic
• Parameters
Performance and Statistics
• CPU, memory, disk, ethernet, etc.
• Network connection information
Process Information
• I/O values associated with tags
• Alarms and faults (e.g., digital fault recorder)
• Events (e.g., command execution)
• Process quality (e.g., phasor measurement unit)
Asset Management
• Condition-based monitoring
• Predictive maintenance
• Work order system
Physical
• Physical sensors (e.g., tamper detection)
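The point of the two slides above is that controller self-reports are detection data, not just inventory. As an added example (not part of the presentation, and not tied to any specific ATT&CK technique), the script below takes the "Configuration" and "Performance and Statistics" items from the slide as inputs: it reads status records that an embedded device or its management tool might log, compares firmware version, control-logic digest and run mode against an approved baseline, and flags drift plus a CPU spike, without any packet capture. The log lines, baseline, digests, field names and the 85% CPU threshold are all constructed for the example; real device logs will use different fields and the baseline should come from change-management records rather than from the devices themselves.

```python
"""Added example (not from the presentation): drift detection over constructed
embedded-device status records, using the 'Configuration' and 'Performance and
Statistics' data sources listed on the slide. Field names, digests and the CPU
threshold are assumptions, not any vendor's log format."""
import json

# Approved state per controller. CONSTRUCTED for the example; in practice this is
# populated from change-management records, not read back from the devices.
BASELINE = {
    "PLC-01": {"firmware": "2.8.1", "logic_sha256": "3f1c5a9e7b2d4c60", "mode": "RUN"},
    "PLC-02": {"firmware": "2.7.3", "logic_sha256": "9b0e44d1a7c3f582", "mode": "RUN"},
}
CPU_ALERT_PCT = 85.0  # assumed threshold; tune per device class

# Constructed JSON-lines status log. Digests are truncated placeholders.
SAMPLE_LOG = "\n".join([
    '{"ts": "2020-10-27T08:00:00Z", "device": "PLC-01", "firmware": "2.8.1", '
    '"logic_sha256": "3f1c5a9e7b2d4c60", "mode": "RUN", "cpu_pct": 31.0}',
    # control logic replaced and controller left in PROGRAM mode
    '{"ts": "2020-10-27T08:05:00Z", "device": "PLC-01", "firmware": "2.8.1", '
    '"logic_sha256": "e4d2b1a0c9f87765", "mode": "PROGRAM", "cpu_pct": 35.5}',
    # same state again: must not produce duplicate alerts
    '{"ts": "2020-10-27T08:10:00Z", "device": "PLC-01", "firmware": "2.8.1", '
    '"logic_sha256": "e4d2b1a0c9f87765", "mode": "PROGRAM", "cpu_pct": 36.1}',
    # firmware downgrade plus CPU spike on a second controller
    '{"ts": "2020-10-27T08:10:00Z", "device": "PLC-02", "firmware": "2.7.0", '
    '"logic_sha256": "9b0e44d1a7c3f582", "mode": "RUN", "cpu_pct": 97.2}',
    # a device nobody baselined
    '{"ts": "2020-10-27T08:12:00Z", "device": "PLC-09", "firmware": "1.0.0", '
    '"logic_sha256": "0000000000000000", "mode": "RUN", "cpu_pct": 12.0}',
])

WATCHED_FIELDS = (("firmware", "firmware_changed"),
                  ("logic_sha256", "logic_changed"),
                  ("mode", "mode_changed"))


def check_record(rec, baseline, cpu_alert_pct=CPU_ALERT_PCT):
    """Return a list of (kind, detail) findings for one status record."""
    expected = baseline.get(rec.get("device"))
    if expected is None:
        return [("unknown_device", "no baseline entry for this device")]
    findings = []
    for field, kind in WATCHED_FIELDS:
        if rec.get(field) != expected[field]:
            findings.append((kind, f"{field}: expected {expected[field]!r}, "
                                   f"got {rec.get(field)!r}"))
    cpu = rec.get("cpu_pct")
    if isinstance(cpu, (int, float)) and cpu > cpu_alert_pct:
        findings.append(("cpu_high", f"cpu_pct {cpu} > {cpu_alert_pct}"))
    return findings


def scan(log_text, baseline=BASELINE):
    """Scan JSON-lines status records; emit each distinct finding once per device."""
    alerts, seen = [], set()
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            alerts.append({"ts": None, "device": None, "kind": "unparseable",
                           "detail": line[:60]})
            continue
        for kind, detail in check_record(rec, baseline):
            # CPU readings vary every record, so dedupe that kind on device alone
            key = (rec.get("device"), kind, None if kind == "cpu_high" else detail)
            if key in seen:
                continue
            seen.add(key)
            alerts.append({"ts": rec.get("ts"), "device": rec.get("device"),
                           "kind": kind, "detail": detail})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['device']} {alert['kind']}: {alert['detail']}")
```

The same comparison works for the other slide categories once the record carries them, e.g. parameter sets or an "events" field for command execution; what changes is only the baseline and which fields are watched. Keep the dedupe state per device so a controller that stays in a changed state is reported once, while a return to baseline and a second change produce a fresh alert.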
9. ICS Attacks Mapped to Enterprise
• We’re currently working on mapping the following ICS attacks:
  • Stuxnet
  • Ukraine 2015
  • Industroyer
  • Triton
• Adversaries do not respect theoretical boundaries (i.e., IT/ICS), so it is important to have a deep understanding of how IT platforms are leveraged to access and impact ICS.
10. We Need Your Help!
• How can we improve ATT&CK for ICS?
• How are you currently using mitigations?
• Do you have any opinions on our data source focus?
11. attack@mitre.org
@MITREattack
Otis Alexander
@ojalexander