Detecting Malicious Behavior in SCADA environments

MITRE will discuss its ATT&CK framework for the SCADA environment that categorizes the tactics and techniques adversaries use for malicious activities. By taking on the adversary’s perspective, ATT&CK decouples the problem from the solution and helps transform defender thinking from focusing on indicators adversaries leave behind to their actions. Building a threat model for SCADA systems, e.g. ATT&CK for SCADA will enable the industry to prioritize and enhance defenses, sharing threat information relative to adversary tactics and techniques, and enable more effective incident response. The presentation will include associated use cases of past and recent incidents.