ICS 2022

One of the biggest challenges for operational technology (OT) system cyber defenders is the lack of open-source information on cyber incidents impacting sector industrial control systems (ICS), systems putting defenders at a knowledge disadvantage. Understanding potential threats to the overall organization and critical infrastructure is crucial to preventing and responding to incidents.  

Credible failure scenarios can be used to augment the available incident information with a focus on attacks that can cause a physical impact on control systems resulting in the loss of availability, equipment damage, human causalities, loss of revenue etc. EPRI and MITRE will present a Framework for the Use of Potential Cyber Attack Scenarios to Guide Incident Response. The framework makes use of potential cyberattack scenarios to guide incident response that includes analyzing potential failure scenarios, defining associated cyber-attack TTPs using the ATT&CK framework, identifying required data sources, defining representative analytics for detection, identifying potential incident response actions and identifying potential mitigations. The results of failure scenario analysis from a cyber adversary perspective have broad application to ICS environments providing valuable data to enable detection and response to significant cyber attack TTP. Performing trend analysis across scenarios provides additional and significant benefits to include the identification of common adversary TTPs that will aid in prioritizing mitigations. EPRI and MITRE will present on this Framework in the context of energy sector scenarios.