Keep business-critical equipment away from locations subject to high probability for environmental risk events.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| DCS-15 | Secure Utilities | mitigates | T1529 | System Shutdown/Reboot | Adversaries may shut down or reboot systems to interrupt access to those systems or to aid in their destruction. This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure their ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience. |
| DCS-15 | Secure Utilities | mitigates | T1496.002 | Bandwidth Hijacking | Adversaries may leverage the network bandwidth resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure their ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience. |
| DCS-15 | Secure Utilities | mitigates | T1496 | Resource Hijacking | Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure their ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience. |
| DCS-15 | Secure Utilities | mitigates | T1498.002 | Reflection Amplification | Adversaries may attempt to cause a denial of service (DoS) by reflecting a high volume of network traffic to a target. This type of Network DoS takes advantage of a third-party server intermediary that hosts and will respond to a given spoofed source IP address. This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure their ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience. |
| DCS-15 | Secure Utilities | mitigates | T1498.001 | Direct Network Flood | Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users. In a Direct Network Flood, one or more systems send a high volume of network packets towards the targeted service's network. Almost any network protocol may be used for flooding: stateless protocols such as UDP or ICMP are commonly used, but stateful protocols such as TCP can be used as well. This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure their ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience. |
| DCS-15 | Secure Utilities | mitigates | T1498 | Network Denial of Service | Adversaries may perform Network Denial of Service (DoS) attacks to degrade or block the availability of targeted resources to users. Network DoS can be performed by exhausting the network bandwidth that services rely on. Example resources include DNS and the web-based services and applications on which utility services depend. This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure their ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience. |
| DCS-15 | Secure Utilities | mitigates | T1499.002 | Service Exhaustion Flood | Adversaries may target the different network services provided by systems to conduct a denial of service (DoS). Adversaries often target the availability of DNS and web services, though others have been targeted as well. Web server software can be attacked through a variety of means, some of which apply generally while others are specific to the software being used to provide the service. This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure their ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience. |
| DCS-15 | Secure Utilities | mitigates | T1489 | Service Stop | Adversaries may stop or disable services on a system to render those services unavailable to legitimate users. Stopping critical services or processes can inhibit or stop response to an incident, or aid the adversary's overall objective of causing damage to the environment. This control requires securing, monitoring, maintaining, and regularly testing utility services (e.g., power, HVAC, communications) to ensure their ongoing effectiveness, mitigating attacker techniques such as disruption of infrastructure, exploitation of unmonitored service failures, and availability attacks that can compromise system resilience. |