Mapping the MITRE ATT&CK Framework to Modbus Cyber Attacks in Industrial OT Networks
This paper presents a novel approach to applying the MITRE ATT&CK framework, traditionally used for IT cybersecurity, to industrial OT networks. The MITRE ATT&CK framework is a widely adopted knowledge base that systematically categorizes adversarial tactics and techniques used in network-based cyber attacks. To the best of our knowledge, this paper represents the first mapping of the MITRE ATT&CK framework to Modbus-based cyberattacks, implemented on a real hardware-based Industrial OT Network testbed, demonstrating how adversarial techniques manifest in industrial OT network environments. Modbus, a widely used fieldbus protocol, exemplifies the security challenges inherent in legacy industrial communication systems. In our analysis, we propose and describe a methodology to dissect a multi-stage attack, starting from an initial network compromise on an Engineering Workstation, followed by lateral movement to a Human-Machine Interface, and culminating in injection and Denial-of-Service attacks against Programmable Logic Controllers. Our mapping reveals critical vulnerabilities in Modbus and similar fieldbus protocols, supporting the development of tailored countermeasures such as command authentication, network segmentation, and anomaly detection. This work bridges the gap between IT-centric ATT&CK methodologies and industrial OT networks while providing actionable insights for future monitoring and protection activities for threat detection and mitigation.


| Document Type: | Conference Proceeding |
|---|---|
| Conference Type: | Conference article |
| Citation link: | https://opus.hs-offenburg.de/11111 |
| Bibliographic details | |
| Title (English): | Mapping the MITRE ATT&CK Framework to Modbus Cyber Attacks in Industrial OT Networks |
| Conference: | International Scientific Conference on Information, Communication and Energy Systems and Technologies (60. : June 26-28, 2025 : Ohrid, North Macedonia) |
| Author: | Jaafer Rahmani, Axel Sikora |
| Year of Publication: | 2025 |
| Date of first Publication: | 2025/08/04 |
| Publisher: | IEEE |
| First Page: | 1 |
| Last Page: | 4 |
| Parent Title (English): | 2025 60th International Scientific Conference on Information, Communication and Energy Systems and Technologies (ICEST) : Proceeding of Papers |
| Editor: | Mitko Kostov, Metodija Atanasovski |
| ISBN: | 979-8-3315-2655-9 (Electronic) |
| ISBN: | 979-8-3315-2656-6 (Print on Demand) |
| ISSN: | 2603-3267 (Electronic) |
| ISSN: | 2603-3259 (Print on Demand) |
| DOI: | https://doi.org/10.1109/ICEST66328.2025.11098426 |
| Language: | English |
| Content information | |
| Institutes: | Fakultät Elektrotechnik, Medizintechnik und Informatik (EMI) (from 04/2019) |
| Research: | ivESK - Institut für verlässliche Embedded Systems und Kommunikationselektronik |
| Collections of the Offenburg University: | Bibliography |
| Tag: | Anomaly Detection; Cyberattack Mapping; Fieldbus Vulnerabilities; Industrial OT Network Security; MITRE ATT&CK framework; Modbus protocol; PLC |
| Formal details | |
| Relevance for the "Annual Report on Research Achievements": | 1-fold; Conference contribution |
| Open Access: | Closed |
| Licence (German): | Protected by copyright |



