Attacks are versatile and complex
MITRE ATT&CK® for ICS is the most specific database to date for identifying, defining, and combating professional cyberattacks in OT networks. It illustrates the multiple ways attackers can gain access to an industrial network and disrupt its processes.
The framework provides a sound basis for operators to monitor their infrastructures for security vulnerabilities and suspicious activities.
There are a dozen ways into the OT
As of October 2022, → MITRE ATT&CK® for ICS documents 14 tactics and 88 attack techniques from initial access to impact in industrial infrastructures. The techniques reflect activities as deployed primarily by well-funded Advanced Persistent Threats. The chart on the left supplements these with the preceding tactics (or phases) reconnaissance and resource development documented in the MITRE ATT&CK® (for IT).
The matrix shows the diversity and complexity of attack patterns. But it also shows that attacks on ICS & OT are not a no-brainer, but require time and resources. Therein lies an opportunity for operators of industrial infrastructure.
The goal must be to detect and localize attackers' activities within the OT in the early phases. After all, early detection of attacks in the OT enables timely mitigation before critical processes are disrupted. Rhebo solutions detects or can help to detect all 88 attack techniques.
Detect cyberattacks in real-time with Rhebo OT monitoring & anomaly detection
Rhebo OT monitoring with anomaly detection monitors all communication within, to and from the operational technology 24/7 (see graphic). The monitoring is integrated non-intrusively and passively at key points of the OT.
Any communication that indicates cyberattacks, tampering, espionage or technical error conditions is reported in real time. This allows early detection of progressive attack patterns as outlined by the MITRE ATT&CK for ICS framework.