Defending Operational Technology (OT) with ATT&CK is a Center for Threat-Informed Defense (Center) project that provides a customized collection of MITRE ATT&CK® techniques tailored to the attack surface and threat model for OT environments. A typical OT environment spans multiple platforms (e.g., Linux and Microsoft Azure) and even spans technology domains (e.g., Enterprise and ICS). These complex environments require cyber defenders to track adversary behaviors that are defined across multiple matrices and platforms in the ATT&CK knowledgebase. Keeping track of techniques across different ATT&CK matrices can be difficult, and some techniques may not apply to a particular environment or architecture. To that end, this project defines a reference architecture and a corresponding attack surface, then creates mappings of relevant techniques from multiple matrices to provide a single, convenient collection of resources. The resultant collection can be used by organizations that use OT to understand and describe adversary activities and impact on assets across an environment, conduct strategic adversarial simulations, evaluate and employ security controls for real-world adversary behaviors, and conduct cyber tabletop excerises.
Table Of Contents:
Go to the project website to learn all about the Defending OT With ATT&CK project and its deliverables. In particular, the Threat Collection is a dataset that can be loaded into ATT&CK Workbench.
| Resource | Description |
|---|---|
| Project Website | The project website describes the reference architecture, methodology, threat collection, and usage. |
| Threat Collection | A custom threat collection for ATT&CK Workbench. Also available in Excel and JSON formats. |
There are several ways that you can get involved with this project and help advance threat-informed defense.
- Visit the project website. Use the website to learn about the methodology, findings, and deliverables for this project.
- Use it with ATT&CK Workbench. For ATT&CK Workbench users, import the threat collection from this project into your Workbench so that you can integrate OT planning into your overall workflow
- Spread the word. Share your feedback and thoughts on the project with your colleagues and industry peers.
We welcome your feedback and contributions to help advance Mappings Explorer. Please see the guidance for contributors if are you interested in contributing or simply reporting issues.
Please submit issues for any technical questions/concerns or contact [email protected] directly for more general inquiries.
© 2024 MITRE Engenuity. Approved for public release. Document number(s) CT0121.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.