ATT&CK for ICS is a knowledge base useful for describing the actions an adversary may take while operating within an ICS network. The knowledge base can be used to better characterize and describe post-compromise adversary behavior.
The MITRE ATT&CK for ICS Matrix is an overview of the tactics and techniques described in the ATT&CK for ICS knowledge base. It visually aligns individual techniques under the tactics in which they can be applied. Some techniques span more than one tactic because they can be used for different purposes.
The tactics can be split into three main categories:
- Reconnaissance and Attack Staging – Initial Access, Execution, Persistence, Evasion, Discovery, Lateral Movement, Collection, Command and Control
- Attack Execution – Inhibit Response Function, Impair Process Control
- Attack Impact – Impact