Advanced Cyber Industrial Control System Tactics, Techniques, and Procedures (ACI TTP) for Department of Defense (DOD) Industrial Control Systems (ICS)
Abstract
The purpose of this ACI TTP is to provide procedures that will enable IT and ICS managers to Detect nation-state-level cyber attacks; Mitigate the effects of those attacks; and Recover their networks following attacks. Supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations, such as skid-mounted programmable logic controllers (PLC), are typical configurations found throughout the DoD. ICS are often used in the DoD to manage sectors of critical infrastructure such as electricity, water, wastewater, oil and natural gas, and transportation. SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control. DCS are generally used to control production systems within a local area, such as a factory, using supervisory and regulatory control. PLCs are generally used for discrete control for specific applications and generally provide regulatory control. These control systems are vital to the operation of the DoD's critical infrastructures, which are often highly interconnected and mutually dependent systems. The ACI TTP does not include procedures regarding the Non-classified Internet Protocol Router Network (NIPRNet) and/or the corporate network, but it does presume that both are hostile networks. ICS network staff should not rely on the cyber security infrastructure that these networks provide and should maintain a level of awareness regarding potential cyber attacks coming from these networks.
Document Details
- Document Type: Technical Report
- Publication Date: Mar 01, 2018
- Accession Number: AD1056116