Monitor Process State
| Monitor Process State | |
|---|---|
| Technique | |
| ID | T0801 |
| Tactic | Collection |
| Data Sources | Controller program, Network device logs, Host network interfaces, Process monitoring, Netflow/Enclave netflow |
| Asset | Human-Machine Interface, Control Server, Data Historian, Field Controller/RTU/PLC/IED, Safety Instrumented System/Protection Relay |
Description
Adversaries may gather information about the physical process state. This information may be used to learn more about the process itself or as a trigger for malicious actions. The sources of process state information vary and may include OPC tags, historian data, specific PLC block information, or network traffic.
Procedure Examples
- Stuxnet examines fields recorded by the DP_RECV monitor to determine if the target system is in a particular state of operation.[1]
Mitigations
- Mitigation Limited or Not Effective - This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
References