Whitepaper

MITRE Engenuity ATT&CK® Evaluations for ICS: Retrospective & Results

The MITRE Engenuity ATT&CK® Evaluations for Industrial Control Systems (ICS) is the first evaluation of the ICS threat detection market and simulates an attack against an operational technology (OT) environment. MITRE Engenuity used the MITRE ATT&CK knowledge base to emulate the tactics, techniques, and procedures (TTPs) associated with the TRISIS (aka Triton) malware. The malware has been used to compromise industrial systems around the world, including oil and gas and electrical plants in the Middle East, Europe, and North America.

This whitepaper details the simulation of a realistic multi-phase attack scenario used in the ATT&CK Evaluations, provides a day-by-day breakdown of the threat behaviors and techniques, and highlights how the Dragos Platform technology identified adversary behavior.

Read the whitepaper to learn more about:

  • The emulation of XENOTIME, a real-world threat activity group tracked by Dragos
  • Insights from the 5-day simulated attack
  • How Dragos tracked the adversary through the MITRE ATT&CK for ICS framework

Keyword tags: Austin Scott, Ben Miller, Dragos Platform, MITRE ATT&CK
