MITRE ATT&CK® stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). The MITRE ATT&CK framework is a curated knowledge base and model for cyber adversary behavior. It reflects the various phases of an adversary’s attack lifecycle and the platforms they are known to target. 

As cyber threats become increasingly sophisticated, the need for robust and adaptable defense tools has never been more critical. Organizations utilize the MITRE ATT&CK framework to enhance their cybersecurity strategies by using the catalog of adversary tactics, techniques, and procedures (TTPs). 

This framework enables cybersecurity teams to map detected threats to specific TTPs, facilitating a deeper understanding of attack vectors and improving threat intelligence. 

It also plays a critical role in threat hunting, incident response, and enhancing detection and prevention systems. By aligning their security measures with the framework, organizations can identify gaps in their defenses, streamline their response efforts, and improve situational awareness. 

The MITRE ATT&CK framework also fosters collaboration and information sharing among organizations, providing a common language to collectively enhance defenses against cyber threats. The tactics and techniques in the model provide a common taxonomy of real-world cyber threats from both offensive and defensive sides of cybersecurity. It also provides an appropriate level of categorization for adversary action and specific ways of defending against it.

MITRE Engenuity created ATT&CK Workbench, which lets us and other organizations manage and extend a local version of ATT&CK and keep it in sync with MITRE’s knowledge base. Why do we want to do that? So that our organization’s specific threat intelligence stays aligned with the public ATT&CK knowledge base.

BreakPoint Labs has developed an Additive Manufacturing (AM) ATT&CK framework sponsored by the US Army Engineer Research and Development Center (ERDC). Through research and testing, we identified over 40 ways that AM processes could be targeted by cyber attacks. Then, starting with the current Industrial Control Systems (ICS) ATT&CK framework, we modified it to include the 40+ new sub-techniques. The AM framework’s techniques and sub-techniques map directly to BISON detectors. BISON is BreakPoint Labs’ cybersecurity tool for AM.

Along the top of the matrix are 12 Tactics (Figure 1). These represent the “why”, or goal, of an attack. They include Discovery, Collection, Initial Access, Impact, and Impair Process Control.

Figure 1: AM ATT&CK Matrix

The techniques and sub-techniques (Figure 2) are “how” the goal is achieved.

Each sub-technique in the matrix can be expanded to find out more information.

Figure 2: AM Techniques & Sub-Techniques

For example, here (Figure 3) we see the details of a critical-severity cyber attack, the Hot End Crash (Fire Hazard & Physical Damage): the Z motors drive the hot end assembly from its current height down into the print bed. This situation is extremely dangerous because the heated nozzle is pushed into any material that has already been deposited, creating a fire risk.

Figure 3: AM Sub-Technique details

The manufacturing industry has been, and will continue to be, subject to cyber attacks. Malicious cyber actors can easily sabotage AM processes. We need visibility into AM processes so that we can respond quickly and in a forensically sound manner to cyber attacks. The ATT&CK Framework can provide insight into existing security gaps and highlight the need for specific countermeasures and/or defensive capabilities. It is tied to real-world events, which helps communicate and quantify risk to AM environments.

If you are interested in learning more about securing Additive Manufacturing or in a demonstration of BreakPoint Labs’ BISON AM solution capability, please contact us at info@breakpoint-labs.ocean5strategies.com