Tactics represent the "why" of an ATT&CK technique or sub-technique. A tactic is the adversary's tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access. Here are the 12 tactics commonly used by adversaries targeting Industrial Control Systems:
Initial Access
The adversary is trying to get into your ICS environment.
Execution
The adversary is trying to run code or manipulate system functions, parameters, and data in an unauthorized way.
Persistence
The adversary is trying to maintain their foothold in your ICS environment.
Privilege Escalation
The adversary is trying to gain higher-level permissions.
Evasion
The adversary is trying to avoid security defenses.
Discovery
The adversary is locating information to assess and identify their targets in your environment.
Lateral Movement
The adversary is trying to move through your ICS environment.
Collection
The adversary is trying to gather data of interest and domain knowledge on your ICS environment to inform their goal.
Command and Control
The adversary is trying to communicate with and control compromised systems, controllers, and platforms with access to your ICS environment.
Inhibit Response Function
The adversary is trying to prevent your safety, protection, quality assurance, and operator intervention functions from responding to a failure, hazard, or unsafe state.
Impair Process Control
The adversary is trying to manipulate, disable, or damage physical control processes.
Impact
The adversary is trying to manipulate, interrupt, or destroy your ICS systems, data, and their surrounding environment.
Real-World Examples
Adversaries that target ICS use these 12 tactics. Some procedure examples include:
- Triton
- Sandworm
- Maroochy attack
- OilRig
- Bad Rabbit
- Allanite
This list is quite big, but MITRE has done a tremendous job of bringing everything together on a single page. Reading and understanding all the tactics will give you an added advantage when you are thinking of putting a cybersecurity solution in place for your infrastructure.