Operational Technology (OT) and Industrial Control Systems (ICS) have long been used in industrial environments to monitor and automate physical processes and mission-critical operations. These systems form the foundational building blocks for some of our most critical infrastructure and support essential societal functions, such as power generation, wastewater treatment, public transportation, industrial manufacturing, resource mining, oil and gas, and telecommunications.

Over the last decade, threat actors worldwide have shown a gradual but steady increase in motivation to target special-purpose OT networks, and that trend is expected to accelerate in the current decade. The rising threat profile has several causes, but it is driven primarily by the continued convergence of physical automation and digital communication at multiple levels of industrial operations. Greater automation and connectivity bring broad benefits in efficiency, reliability, and productivity; they also have the unintended consequence of lowering the cost, and raising the payoff, of attacks against OT for threat actors.

Mandiant Approach

  • De-chained (phase-by-phase, checkpoint-based) execution across the different levels of OT networks
  • Rules of engagement and requirements defined and agreed upon for each phase of the exercise
  • Emulation of real-world C2 traffic that is representative of the targeted attack lifecycle and mapped to the MITRE ATT&CK framework