MITRE ATT&CK stands for Adversarial Tactics, Techniques, and Common Knowledge. It is a knowledge base of adversary tactics and techniques that helps inform the cybersecurity industry. MITRE recently released an ATT&CK knowledge base specifically designed for industrial control systems (ICS). ICS are found in industries such as electric, water, wastewater, oil and natural gas, transportation, chemical, pharmaceutical, and various manufacturing sectors. These systems enable the regular automation of key processes that everyone relies on, and any compromise of their operation could impact the health and safety of humans.
According to the MITRE ATT&CK document, adversary TTPs associated with ATT&CK for ICS fall under the following broad categories:
Blocked or delayed flow of information through ICS networks, which could disrupt ICS operation.
Unauthorized changes to instructions, commands, or alarm thresholds—potentially damaging equipment, creating environmental impacts, and/or endangering human life.
Inaccurate information sent to system operators, either to disguise unauthorized changes or to cause the operators to initiate inappropriate actions, generating negative effects.
ICS software or configuration settings modified, or ICS software infected with malware, producing negative effects.
Interference with the operation of equipment protection systems, endangering costly and difficult-to-replace equipment.
Interference with the operation of safety systems, potentially harming human life.
Our goal is to share the MITRE ATT&CK walk-through and its mitigation techniques as we explain Supply Chain Compromise.
Supply Chain Compromise is used by adversaries to gain access to control systems via infected products, software, and workflows. The idea is to infect products or mechanisms before they reach the end consumer in order to compromise the data or system. This compromise can occur at any stage in the supply chain. Adversaries may choose to alter software on third-party or vendor websites. If you have assets in both IT and OT, a supply chain compromise targeting IT could pose a risk to OT.
Since MITRE does not list any mitigation techniques for this topic, we’d like to offer our solutions.
Remote access has become a necessity for organizations operating ICS. Your time matters, and your systems should work. Invest in a remote access system built from the ground up for industrial control networks, uniquely secured with moving target defense, with no compromises on security.
Ask us questions or get your demo at https://dispel.io