Leveraging the MITRE ATT&CK Framework for Threat Identification and Evaluation in Industrial Control System Simulations

Conrad Ekisa, Diarmuid O. Briain, Yvonne Kavanagh

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

Cyberattack matrices, such as the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) framework, play a pivotal role in both understanding and defending against complex cybersecurity threats. These frameworks offer a structured and comprehensive catalog of known adversary behaviours and techniques. This paper extends the insights from 'Modelling and Simulating Advanced Cyber-threats to Industrial Control Systems with an Emulated Testbed' by aligning the demonstrated attack techniques with the MITRE ATT&CK frameworks for both Enterprise and Industrial Control Systems (ICS). The objective is to categorically map where these techniques intersect with the Tactics, Techniques, and Procedures (TTP) outlined in the MITRE framework, highlighting synergies and distinctions between cybersecurity threats in Enterprise Information Technology (IT) and ICS environments. Highlighting the synergies and distinctions between IT and Operational Technology (OT) in cybersecurity is crucial because it helps in understanding the unique threats, vulnerabilities, and security practices applicable to each domain. Through a comprehensive comparison, this paper aims to illuminate the extent to which the simulated cyberattack methodologies are represented within both frameworks, thereby offering a dual perspective on the cybersecurity landscape. This detailed examination of the MITRE ATT&CK framework against a simulated cyber attack scenario not only reinforces the relevance of the cybersecurity testbeds such as the Virtualised ICS Open-source Research Testbed (VICSORT) in the broader context of recognised cybersecurity models but also underscores the criticality of adopting a unified view of threat intelligence that bridges the gap between IT and OT security paradigms. The findings seek to contribute towards demonstrating the relevance of the MITRE ATT&CK framework in understanding cyberattack methodology. They also contribute towards the ongoing discourse in cybersecurity, particularly in enhancing cross-domain understanding and developing integrated defensive strategies against the sophisticated cyber threats of today and tomorrow.

Original language: English
Title of host publication: Proceedings of the 35th Irish Systems and Signals Conference, ISSC 2024
Editors: Huiru Zheng, Ian Cleland, Adrian Moore, Haiying Wang, David Glass, Joe Rafferty, Raymond Bond, Jonathan Wallace
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9798350352986
Publication status: Published - 13 Jun 2024
Event: 35th Irish Systems and Signals Conference, ISSC 2024 - Belfast, United Kingdom
Duration: 13 Jun 2024 to 14 Jun 2024

Publication series

Name: 2024 35th Irish Signals and Systems Conference (ISSC)

Conference

Conference: 35th Irish Systems and Signals Conference, ISSC 2024
Country/Territory: United Kingdom
City: Belfast
Period: 13/06/2024 to 14/06/2024

Keywords

  • Cybersecurity
  • ICS
  • MITRE ATT&CK
  • OT
  • Testbed
  • Cyberattack
