Detection Engineering in Industrial Control Systems. Ukraine 2016 Attack: Sandworm Team and Industroyer Case Study

Abstract

In this document we discuss applying MITRE's TTP Cyber Hunt for Mission Automation Protection (TCHAMP) threat hunting methodology to Industrial Control System (ICS) environments. We focus specifically on the Ukraine 2016 attack by the Sandworm Team, which caused widespread power outages, and on how the same Tactics, Techniques, and Procedures (TTPs) could be used against North American power distribution systems.

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 2021
Accession Number
AD1168961

Entities

People

  • Daniel Rebori-carretero
  • Jordan Hanna
  • Michael Mcfail

Organizations

  • MITRE Corporation

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies
  • Space
  • Weapons Technologies

DTIC Thesaurus Topics

  • Acquisition
  • Anti-Virus Software
  • Basic Programming Language
  • Command And Control
  • Computer Programming
  • Computers
  • Control Systems
  • Cyberattacks
  • Cyberspace Operations
  • Department Of Defense
  • Engineering
  • Human-Machine Interfaces
  • Industrial Control Systems
  • Information Operations
  • Lessons Learned
  • Network Protocols
  • Operating Systems
  • Power Distribution
  • Scada
  • Shell Scripts
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Military History / Militaries and War Studies

Technology Areas

  • Cyber