The MITRE ATT&CK for ICS Matrix™ is an overview of the tactics and techniques described in the ATT&CK for ICS knowledge base. It visually aligns individual techniques under the tactics in which they can be applied. Some techniques span more than one tactic because they can be used for different purposes.

The matrix below is listed column by column: each tactic is followed by the techniques that fall under it. Techniques that appear under more than one tactic (for example Program Download or Masquerading) are listed under each.

Initial Access
  Data Historian Compromise
  Drive-by Compromise
  Engineering Workstation Compromise
  Exploit Public-Facing Application
  External Remote Services
  Internet Accessible Device
  Replication Through Removable Media
  Spearphishing Attachment
  Supply Chain Compromise
  Wireless Compromise

Execution
  Change Program State
  Command-Line Interface
  Execution through API
  Graphical User Interface
  Man in the Middle
  Program Organization Units
  Project File Infection
  Scripting
  User Execution

Persistence
  Hooking
  Module Firmware
  Program Download
  Project File Infection
  System Firmware
  Valid Accounts

Evasion
  Exploitation for Evasion
  Indicator Removal on Host
  Masquerading
  Rogue Master Device
  Rootkit
  Spoof Reporting Message
  Utilize/Change Operating Mode

Discovery
  Control Device Identification
  I/O Module Discovery
  Network Connection Enumeration
  Network Service Scanning
  Network Sniffing
  Remote System Discovery
  Serial Connection Enumeration

Lateral Movement
  Default Credentials
  Exploitation of Remote Services
  External Remote Services
  Program Organization Units
  Remote File Copy
  Valid Accounts

Collection
  Automated Collection
  Data from Information Repositories
  Detect Operating Mode
  Detect Program State
  I/O Image
  Location Identification
  Monitor Process State
  Point & Tag Identification
  Program Upload
  Role Identification
  Screen Capture

Command and Control
  Commonly Used Port
  Connection Proxy
  Standard Application Layer Protocol

Inhibit Response Function
  Activate Firmware Update Mode
  Alarm Suppression
  Block Command Message
  Block Reporting Message
  Block Serial COM
  Data Destruction
  Denial of Service
  Device Restart/Shutdown
  Manipulate I/O Image
  Modify Alarm Settings
  Modify Control Logic
  Program Download
  Rootkit
  System Firmware
  Utilize/Change Operating Mode

Impair Process Control
  Brute Force I/O
  Change Program State
  Masquerading
  Modify Control Logic
  Modify Parameter
  Module Firmware
  Program Download
  Rogue Master Device
  Service Stop
  Spoof Reporting Message
  Unauthorized Command Message

Impact
  Damage to Property
  Denial of Control
  Denial of View
  Loss of Availability
  Loss of Control
  Loss of Productivity and Revenue
  Loss of Safety
  Loss of View
  Manipulation of Control
  Manipulation of View
  Theft of Operational Information