MITRE ATT&CK ICS

MITRE ATT&CK® for Industrial Control Systems

FrameworkInternational

MITRE ATT&CK for ICS is a knowledge base of adversary tactics and techniques specific to industrial control systems. Version 18 documents 12 tactics and 83 techniques observed in real-world attacks against OT environments. It enables threat-informed defence by mapping adversary behaviour to detection and mitigation strategies.

Also explore

GDPR DORA NIS2 SOC 2 HIPAA PCI DSS ISO 27001 CMMC IEC 62443 NERC CIP CISA CPGs Saudi OTCC NIST CSF 2.0 NIST 800-53 NIST 800-171 CIS Controls CSA CCM CSA CAIQ

Tactics

Techniques

v18

Current (Oct 2025)

ICS

Specific Matrix

Who Needs to Comply

OT/ICS Security Teams

Threat hunting and detection engineering in industrial environments
Security Operations Centre (SOC) analysts covering OT networks
Red/purple team practitioners testing ICS defences
Incident responders investigating OT-specific attacks

Critical Infrastructure Operators

Energy, water, and manufacturing using ICS/SCADA/DCS systems
Transportation and logistics with automated control systems
Organizations building OT threat models and risk assessments
Compliance teams mapping controls to adversary techniques

Key Compliance Areas

TA0108-TA0104

Initial Access & Execution

Drive-by compromise, exploiting remote services, engineering workstation compromise, spearphishing, and command-line interface execution in OT environments.

TA0110-TA0109

Persistence & Lateral Movement

Module firmware tampering, valid accounts abuse, remote services exploitation, default credentials, and lateral tool transfer between IT and OT networks.

TA0100-TA0114

Collection & Command and Control

Automated data collection, screen capture, data from information repositories, program upload, and C2 communications through commonly used OT protocols.

TA0105

Impact

Damage to property, denial of control/view/service, loss of availability/control/productivity/safety, and manipulation of control or view in physical processes.

How Orizon Helps

Environment Mapping

Map ICS assets (PLCs, HMIs, RTUs, engineering workstations) to the ATT&CK ICS matrix and identify applicable techniques.

Threat Profile Development

Identify relevant threat groups and their known TTPs against your sector using ATT&CK threat group profiles.

Detection Gap Analysis

Map current detection capabilities against each applicable technique to identify blind spots.

Detection Rule Development

Create detection rules and analytics aligned to prioritized techniques using ATT&CK data sources.

Purple Team Exercises

Simulate adversary TTPs in controlled OT lab environments to validate detection and response capabilities.

Continuous Matrix Review

Update technique mappings with each ATT&CK version release and re-assess detection gaps quarterly.

Official Sources

Assess Your Compliance

Expert guidance for your MITRE ATT&CK ICS compliance journey.

Get Started