TLDR:
- MITRE, in collaboration with partners, has developed Defending OT with ATT&CK to identify and defend against adversarial techniques in critical infrastructure.
- The resources include a threat model methodology, a reference architecture, and a threat collection of unique adversary behaviors.

Non-profit organization MITRE has collaborated with AttackIQ, Booz Allen Hamilton, Ensign InfoSecurity, Global Cyber Alliance, and Siemens to create Defending OT with ATT&CK. The initiative aims to help critical infrastructure organizations evaluate and employ security controls against real-world adversary behaviors targeting IT and OT systems. The resources developed by MITRE include a threat model methodology, a reference architecture, and a threat collection of unique adversary behaviors. These resources are crucial for implementing defensive measures and enhancing security posture across critical installations.

The reference architecture provided by Defending OT with ATT&CK helps visualize the technologies within IT/OT environments and evaluate the security boundaries between different operational zones. The threat collection, comprising 251 techniques and 441 sub-techniques, can be used to plan and employ mitigating security controls against adversarial techniques. These resources also give organizations a framework for conducting threat intelligence mapping, red teaming, penetration testing, and collaborative cyber tabletop exercises to assess adversarial risks.