mitre / cti

Cyber Threat Intelligence Repository expressed in STIX 2.0

Bug: All MITRE ATT&CK ICS Techniques have "x_mitre_platforms": [ "None" ] #223

Closed MaurizioCasciano closed 9 months ago

MaurizioCasciano commented 10 months ago

Hi @jondricek @ElJocko @isaisabel, I have found that the platforms of all MITRE ATT&CK ICS Techniques have not been added. All ICS Techniques have "x_mitre_platforms": [ "None" ]

E.g. https://github.com/mitre/cti/blob/master/ics-attack/ics-attack.json#L8311


The same also happens on the website https://attack.mitre.org/techniques/T0889/ where the associated assets have Embedded platform.

MaurizioCasciano commented 10 months ago

Same as what was found for the STIX 2.1 dataset repository: https://github.com/mitre-attack/attack-stix-data/issues/46

jondricek commented 9 months ago

@MaurizioCasciano the reason for this is that the ICS domain had been using the x_mitre_platforms field as a placeholder for what ultimately was the Asset STIX object which was introduced in the v14 release on Oct. 31 this year. More information about Assets can be found in the ATT&CK v14 blog post. At that time, the Assets were removed from the x_mitre_platforms field and intentionally replaced with [ "None" ] because the STIX specification doesn't allow empty arrays and at present we want to keep that field in every Technique object even if there is no value to make parsing more straightforward, even though the value of "None" might be confusing.

This is the same answer to https://github.com/mitre-attack/attack-stix-data/issues/46
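For consumers of the ICS bundle, the practical consequence of the thread above is that `[ "None" ]` has to be treated as "no platform" and the affected assets read from the Asset objects instead. The following is an added example, not code from the mitre/cti project: it assumes Asset objects have STIX type `x-mitre-asset` and are linked from techniques by `targets` relationships (details of the v14 data model that the thread does not spell out), and it runs on a constructed bundle with placeholder ids.

```python
import json

# Constructed sample bundle: ids and names are placeholders, not ics-attack.json content.
SAMPLE_BUNDLE = json.loads("""
{"type": "bundle", "objects": [
  {"type": "attack-pattern", "id": "attack-pattern--0001", "name": "Example Technique A",
   "x_mitre_platforms": ["None"]},
  {"type": "attack-pattern", "id": "attack-pattern--0002", "name": "Example Technique B",
   "x_mitre_platforms": ["None"]},
  {"type": "x-mitre-asset", "id": "x-mitre-asset--0003", "name": "Example Asset",
   "x_mitre_platforms": ["Embedded"]},
  {"type": "relationship", "id": "relationship--0004", "relationship_type": "targets",
   "source_ref": "attack-pattern--0001", "target_ref": "x-mitre-asset--0003"},
  {"type": "relationship", "id": "relationship--0005", "relationship_type": "targets",
   "source_ref": "attack-pattern--0002", "target_ref": "x-mitre-asset--missing"}
]}
""")

PLACEHOLDER = "None"  # value used in x_mitre_platforms instead of an empty array


def real_platforms(obj):
    """Return x_mitre_platforms with the "None" placeholder filtered out."""
    return [p for p in obj.get("x_mitre_platforms", []) if p != PLACEHOLDER]


def technique_targets(bundle):
    """Map technique id -> name, real platforms, and the assets it targets."""
    objects = bundle.get("objects", [])
    by_id = {o["id"]: o for o in objects if "id" in o}
    out = {
        o["id"]: {"name": o.get("name"), "platforms": real_platforms(o), "assets": []}
        for o in objects if o.get("type") == "attack-pattern"
    }
    for rel in objects:
        # Assumption: technique-to-asset links are "targets" relationships.
        if rel.get("type") != "relationship" or rel.get("relationship_type") != "targets":
            continue
        tech = out.get(rel.get("source_ref"))
        asset = by_id.get(rel.get("target_ref"))
        # Skip dangling references and targets that are not Asset objects.
        if tech is None or asset is None or asset.get("type") != "x-mitre-asset":
            continue
        tech["assets"].append({"name": asset.get("name"), "platforms": real_platforms(asset)})
    return out


if __name__ == "__main__":
    print(json.dumps(technique_targets(SAMPLE_BUNDLE), indent=2))
```

Filtering the placeholder before building coverage matrices or platform filters keeps "None" from showing up as if it were a platform name.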