Industrial Orchestration Platform Powered by ATT&CK for ICS
The MITRE ATT&CK for ICS framework is a valuable knowledge base of tactics and techniques that are commonly used by attackers targeting industrial networks.
OTORIO’s research group contributes intelligence data to the ICS ATT&CK knowledge base. As part of this initiative, OTORIO’s researchers have expanded MITRE’s open-source cybersecurity breach-and-attack simulation platform (CALDERA) and created, on top of it, the first ICS adversary emulation platform (OT-CALDERA).
With the MITRE ATT&CK for ICS framework integrated into its “analyst-in-a-box” algorithm, OTORIO RAM² offers enriched alerts and insights that cannot be provided otherwise. Taking advantage of ICS ATT&CK intelligence, RAM² correlates various events into meaningful insights, identifying riskier patterns and describing attacker intentions and methods. RAM² also provides clear and feasible mitigation instructions, created with the unique industrial environment in mind.
In this paper, OTORIO presents an easy way to integrate the MITRE ATT&CK for ICS framework into your everyday industrial cybersecurity practices.