Skip to main content

Austin Scott at S4x20: Mapping Incidents to ICS ATT&CK

MITRE ATT&CK for ICS is a community-sourced framework for identifying malicious threat behaviors, specifically the tactics and techniques of the adversaries, in industrial control systems (ICS). When industrial cybersecurity defenders and tools map their detection mechanisms to MITRE ATT&CK for ICS, they are able to more efficiently and consistently anticipate and counter ICS threats.

Dragos significantly contributed to this community-supported knowledge base with findings from our technology customers and insights from our services and intelligence efforts. Dragos maps its technology and services to MITRE ATT&CK for ICS and is the first ICS cybersecurity vendor to fully integrate MITRE ATT&CK for ICS into its platform.

This video, from Principal Industrial Responder Austin Scott’s S4x20 presentation, discusses how he mapped the 11 adversary groups that Dragos follows across the 11 ATT&CK for ICS tactics and provides a detailed example of the threat activity group behind TRISIS. This example maps both the tactics and techniques and shows how you could expand this example to be prepared to look for future attacks on different vendor safety systems.

Discover More Resources Using Keyword Tags
Austin Scott MITRE ATT&CK

Never miss the latest ICS news and insights from our experts.


Watch the next video

Play Button

Julian Gutmanis at RSAC Sydney


View more videos

Right Arrow

Ready to put your insights into action?

Take the next steps and contact our team today.