YoVDO

MITRE ATT&CK for ICS: Improving Threat Detection and Response in Industrial Control Systems

Offered By: Dragos: ICS Cybersecurity via YouTube

Tags

Industrial Control Systems Courses, Cybersecurity Courses, Threat Intelligence Courses, Threat Detection Courses, MITRE ATT&CK Courses

Course Description

Overview

Explore the MITRE ATT&CK framework for Industrial Control Systems (ICS) in this 45-minute webinar. Gain insights into how ICS network defenders can leverage a common lexicon for categorizing ICS-specific techniques and threat behaviors to enhance threat detection and response capabilities. Delve into the structure of ATT&CK, its application in ICS environments, and the process of mapping behaviors to tactics and techniques. Learn about threat intelligence mapping, assessing coverage, and identifying adversary methodologies across various ICS attack stages. Discover how to develop comprehensive threat detection strategies, engage with the community, and stay ahead of evolving adversary tactics in the ICS cybersecurity landscape.

Syllabus

Intro
What is MITRE?
Announcing ATT&CK for ICS
What is Dragos?
Agenda
What is ATT&CK?
Breaking Down ATT&CK
Motivation for ATT&CK for ICS
ATT&CK for ICS Technique Matrix
Process of Mapping to ATT&CK
Find the Behavior
Research the Behavior
Translate the Behavior into a Tactic
Figure Out What Technique Applies
Threat Intel Mapping
Assessing Coverage
Identify Adversary Methodology
ICS Access
Intrusion, Recon, & Control
Attack Delivery & Execution
ICS-Specific Impacts
Mapping ICS Threats to ATT&CK
Typical Defense Development
Alternative: Identify 'Weird'
Problem: No Context
Identifying Threat Behaviors
ATT&CK and Threat Behaviors
Complete Threat Detection
Continuous Development
Community Engagement
Continued Adversary Evolution
Mapping ATT&CK to ICS Threats
References & Resources


Taught by

Dragos: ICS Cybersecurity

Related Courses

Windows Server 2016 Security Features
Microsoft via edX
Detecting and Mitigating Cyber Threats and Attacks
University of Colorado System via Coursera
Threat Detection: Planning for a Secure Enterprise
Microsoft via edX
Microsoft Professional Capstone : Cybersecurity
Microsoft via edX
Cyber Security Operations (Cisco CCNA)
The Open University via FutureLearn