Manipulation of Control

From attackics
Jump to navigation Jump to search
Manipulation of Control
Technique
ID T0831
Tactic Impact

Description

Adversaries may manipulate physical process control within the industrial environment. Methods of manipulating control can include changes to set point values, tags, or other parameters. Adversaries may manipulate control systems devices or possibly leverage their own, to communicate with and command physical control processes. The duration of manipulation may be temporary or longer sustained, depending on operator detection.

Methods of Manipulation of Control include:

  • Man-in-the-middle
  • Spoof command message
  • Changing setpoints


Procedure Examples

  • Industroyer toggles breakers to the open state utilizing unauthorized command messages.1
  • Stuxnet can reprogram a PLC and change critical parameters in such a way that legitimate commands can be overridden or intercepted. In addition, Stuxnet can apply inappropriate command sequences or parameters to cause damage to property.

Mitigations

  • Communication Authenticity - Protocols used for control functions should provide authenticity through MAC functions or digital signatures. If not, utilize bump-in-the-wire devices or VPNs to enforce communication authenticity between devices that are not capable of supporting this (e.g., legacy controllers, RTUs).
  • Data Backup - Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise. Maintain and exercise incident response plans 2, including the management of "gold-copy" back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.