Leveraging the MITRE ATT&CK Framework for Threat Identification and Evaluation in Industrial Control System Simulations


Bibliographic Details
Published in: 2024 35th Irish Signals and Systems Conference (ISSC), pp. 1-6
Main Authors: Ekisa, Conrad; O Briain, Diarmuid; Kavanagh, Yvonne
Format: Conference Proceeding
Language: English
Published: IEEE, 13.06.2024
Summary: Cyberattack matrices, such as the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, play a pivotal role in both understanding and defending against complex cybersecurity threats. These frameworks offer a structured and comprehensive catalog of known adversary behaviours and techniques. This paper extends the insights from "Modelling and Simulating Advanced Cyber-threats to Industrial Control Systems with an Emulated Testbed" by aligning the demonstrated attack techniques with the MITRE ATT&CK frameworks for both Enterprise and Industrial Control Systems (ICS). The objective is to categorically map where these techniques intersect with the Tactics, Techniques, and Procedures (TTP) outlined in the MITRE framework, highlighting synergies and distinctions between cybersecurity threats in Enterprise Information Technology (IT) and ICS environments. Highlighting the synergies and distinctions between IT and Operational Technology (OT) in cybersecurity is crucial because it helps in understanding the unique threats, vulnerabilities, and security practices applicable to each domain. Through a comprehensive comparison, this paper aims to illuminate the extent to which the simulated cyberattack methodologies are represented within both frameworks, thereby offering a dual perspective on the cybersecurity landscape. This detailed examination of the MITRE ATT&CK framework against a simulated cyberattack scenario not only reinforces the relevance of cybersecurity testbeds such as the Virtualised ICS Open-source Research Testbed (VICSORT) in the broader context of recognised cybersecurity models, but also underscores the criticality of adopting a unified view of threat intelligence that bridges the gap between IT and OT security paradigms. The findings seek to contribute towards demonstrating the relevance of the MITRE ATT&CK framework in understanding cyberattack methodology. They also contribute towards the ongoing discourse in cybersecurity, particularly in enhancing cross-domain understanding and developing integrated defensive strategies against the sophisticated cyber threats of today and tomorrow.
ISSN: 2688-1454
DOI: 10.1109/ISSC61953.2024.10602968