ATT&CK ICS, D3FEND & ISTG

[scriptingxss]

Folks have asked about relation to adjacent frameworks like ATT&CK ICS, D3FEND (links below) and overlap of them with ISTG.

https://attack.mitre.org/techniques/ics/ https://attack.mitre.org/matrices/ics/ https://d3fend.mitre.org/

Curious if the project has a perspective to share and if there are opportunities to partner or collaborate on mappings in the future?

[scriptingxss]

Similar to MASTG, ATT&CK mobile provides an adversarial perspective with known tools, tactics, procedures, and detections from known events or malicious software. Although these are valuable to organizations, verification standards and testing guides offer assurance lifecycle practices incorporated into security programs producing high quality software from manufacturers of IoT.

Based off the mitigations for ICS, ATT&CK might focus on an enterprise adversary perspective with operational mitigations and detections. There are mitigations that allude to software security practices such as validate user input and code signing.

[scriptingxss]

@rockhoppersec, curious on your perspective :)

[rockhoppersec]

As @scriptingxss already mentioned, the frameworks above are very useful tools, but for slightly different subjects and audiences.

While these frameworks work very well when it comes to assessing attack vectors against, for example, enterprise networks, the ISTG is intended to provide a more hands-on approach to testing IoT devices. While there are definitely overlaps, the ISTG will focus more on technologies and attack vectors tailored to testing individual devices, thereby providing a different perspective.