Amy L. Robertson, deputy lead for MITRE's ATT&CK framework, was quoted in Industrial Cyber about the launch of ATT&CK v18. The update introduces new asset objects to the framework, enhancing its ability to address industrial equipment and attack scenarios. Robertson highlighted the importance of these updates in aligning with sector-specific terminology and improving the framework's usability for defenders.
Robertson explained, "Assets, operational devices, and infrastructure in ICS networks have been part of ATT&CK for a while, but naming varies across sectors. This can make it difficult to reference the same device consistently." She emphasized the introduction of the "related assets" field, which links sector-specific terms to similar functions and adversary techniques, providing much-needed clarity and context.
The ATT&CK v18 release also includes updates to existing assets and introduces three new ones: Distributed Control System (DCS) Controllers, Firewalls, and Switches. Robertson noted, "These updates also provide examples of other equipment you may encounter, even if it isn't designated as a core asset object, helping you identify devices in your own environment." The changes aim to better reflect real-world configurations and improve defenders' ability to map threats to specific devices.
Looking ahead, Robertson shared that MITRE is already working on ATT&CK v19, focusing on refining detection strategies and expanding asset coverage. She also announced the launch of the ATT&CK Advisory Council, a community-driven initiative to formalize input on the framework's direction. This council will ensure ATT&CK remains a valuable resource for cybersecurity professionals worldwide.