Protecting Critical Infrastructure from Cyber Threats

As adversaries grow more sophisticated and ambitious, our vital infrastructure faces a growing threat of cyber attacks. To help protect industrial control systems, MITRE released ATT&CK for ICS.

Electricity. Clean water. Reliable energy. These are conveniences we’ve come to know and expect in our modern society.

It’s easy to forget how important they are until we lose access to them.

Of course, there's always the damage caused by natural disasters and physical attacks to worry about. But as the industrial control systems (ICS) that operate our nation’s critical infrastructure become more sophisticated, the threats posed by cyber attackers are also a major concern.

When cyber attackers threaten our energy transmission and distribution plants, oil refineries, and wastewater plants, the breaches can quickly become a direct threat to human life and the physical environment.

Fortunately, MITRE released ATT&CK for ICS in January 2020. Designed to contribute to a safer cyber environment for industrial control systems, ATT&CK for ICS helps ensure that industrial organizations are equipped for, and protected against, potential cyber threats, especially in these changing times.

ATT&CK for ICS is one of the latest iterations of MITRE ATT&CK® for Enterprise, a globally accessible knowledge base of adversary tactics and techniques. MITRE ATT&CK is used by a range of government organizations and industry sectors, including finance, technology, retail, and healthcare.

Growing Threats for Industrial Control Systems

When cyber criminals target industrial control systems, they can cause catastrophic power shutdowns. For example, the series of attacks on portions of the Ukrainian power grid in 2015 and 2016, which left control centers nationwide not fully operational for months, set an ominous precedent for power grid security.

Otis Alexander, a MITRE principal cybersecurity engineer, is co-creator of ATT&CK for ICS and has led the project since its inception. “After the Ukrainian incidents, demand to understand how the ATT&CK structure and methodology could be applied to the ICS tech domain began to grow,” says Alexander. “Immediately, we challenged ourselves to investigate how well attacks against industrial control systems map to the existing knowledge base.”

ATT&CK for ICS shines a light on threats resulting from attacks on systems that help operate key industrial processes. Because system operators use specialized applications and protocols to interface with physical equipment, ATT&CK for ICS highlights their unique aspects and potential vulnerabilities.

For defenders, ATT&CK for ICS helps establish a standard language for security experts to use as they report incidents and work to improve incident response.

The result? A big win for frontline ICS network defenders. With a common lexicon for categorizing ICS-specific cyber threats and techniques, ATT&CK for ICS helps support reporting and further analysis—and, ultimately, a safer infrastructure.

“ATT&CK for ICS captures and defines distinctions in ICS environments, from tactics and techniques to domain-specific assets and technology,” Alexander explains. “It’s this focus that defines ATT&CK for ICS as a unique and vital knowledge base in the ATT&CK ecosystem.”

ATT&CK: Always Evolving to Protect Crucial Systems

MITRE ATT&CK is constantly being reimagined based on the latest cybersecurity threats and trends. And ATT&CK continues to set the standard by which industry leaders and major corporations evaluate their cyber defense effectiveness.

Organizations such as Microsoft, McAfee, BlackBerry, and CrowdStrike publicly highlighted their performance against the ATT&CK evaluation to add credibility to their cybersecurity products and services. Alex Stamos, former chief security officer of Facebook, called ATT&CK “an extremely useful resource for companies trying to explore all of the areas they should be considering.”

Cyber adversaries threaten nearly every part of our lives. From election security to medical information to financial institutions to critical infrastructure, understanding how adversaries attempt to infiltrate targets has made users safer and more secure. Every single day, these threats become more sophisticated and targeted.

By getting ahead of the threats with ATT&CK for ICS, critical infrastructure providers can focus on improving their services and protecting their employees instead of being forced to pay out millions of dollars to remediate damages.

“As more organizations adopt ATT&CK for ICS, existing uses will further develop and new ones may arise, to the benefit of the entire ICS community,” says Alexander. “We want users to have confidence in the knowledge base, understand how to use it, and recognize how they can shape its growth.”