Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

What's New with ATTACK for ICS?

From MITRE ATT&CKcon Power Hour December 2020

By Otis Alexander, Principal Cybersecurity Engineer, MITRE

Otis Alexander is a Principal Cyber Security Engineer at the MITRE Corporation and has worked in the areas of security engineering and research, analytic development, and adversary modeling and emulation. Otis is a co-creator of ATT&CK for ICS and has been leading the project since its inception. He also leads an effort to bring MITRE ATT&CK Evaluations to ICS security vendors providing anomaly and threat detection solutions. He advocates for network and host visibility in operational technology environments to increase the situational awareness of defenders.

  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

What's New with ATTACK for ICS?

  1. 1. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 What’s New with ATT&CK® for ICS? Otis Alexander https://attack.mitre.org/ics @ojalexander
  2. 2. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
  3. 3. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17
  4. 4. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 ATT&CK for ICS Mitigations https://collaborate.mitre.org/attackics/index.php/Mitigations • M0800-M0816 are new to ATT&CK for ICS • Each mitigation has mappings to IEC 62443 and NIST SP 800-53 • Mitigations target the following stakeholders: • Asset owner/operators • Integrators • Device vendors • Security vendors • There is a significant focus on protecting operational and management interfaces of embedded controllers
  5. 5. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 STIX and Navigator Integration •As part of ATT&CK v8, we released ATT&CK for ICS in STIX https://github.com/mitre/cti/tree/master/ics-attack •A new version of ATT&CK Navigator was released as well where you can pick the ICS domain https://mitre-attack.github.io/attack-navigator/
  6. 6. What’s on the Horizon?
  7. 7. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 Updates to Data Sources • Maintaining visibility into ICS networks is essential for quickly detecting and remediating cyber threats. • Understanding the various data sources that are available in ICS networks is key to this endeavor. Network traffic is a popular source of data in ICS networks but there are other valuable sources of data that are often overlooked. • Embedded device logs • Application logs • Operational databases
  8. 8. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 Data Sources Configuration • Firmware version • System settings • Control logic • Parameters Performance and Statistics • CPU, memory, disk, ethernet, etc. • Network connection information Process Information • I/O values associated with tags • Alarms and faults (e.g., digital fault recorder) • Events (e.g., command execution) • Process quality (e.g., phasor measurement unit) Asset Management • Condition-based monitoring • Predictive maintenance • Work order system Physical • Physical sensors (e.g., tamper detection)
  9. 9. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 ICS Attacks Mapped to Enterprise • We’re currently working on mapping the following ICS attacks: • Stuxnet • Ukraine 2015 • Industroyer • Triton • Adversaries do not respect theoretical boundaries (i.e., IT/ICS) so it is important to have a deep understanding of how IT platforms are leveraged to access and impact ICS.
  10. 10. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 We Need Your Help! •How can we improve ATT&CK for ICS? •How are you currently using mitigations? •Do you have any opinions on our data source focus?
  11. 11. ©2020 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public release. Distribution unlimited 20-00841-17 attack@mitre.org @MITREattack Otis Alexander @ojalexander

×