An Ontology for the Embedded System TTP Matrix

March, 2022
IDA document: P-32935
FFRDC: Systems and Analyses Center
Type: Documents
Division: System Evaluation Division , Science, Systems and Sustainment Division
Authors:
Authors
Rachel K. de Naray, Brian A. Haugh, Steven P. Wartik See more authors
The MITRE Corporation’s ATT&CK matrices enumerate tactical objectives in cyberattacks and the techniques agents use to achieve those objectives. The ATT&CK matrices cover enterprise systems, mobile systems and industrial control systems. MITRE recently developed the Embedded System Tactics, Techniques and Procedures Matrix (ESTM) to apply ATT&CK concepts in embedded systems. Embedded systems are crucial to Department of Defense operations. ESTM provides a framework to support analysis of embedded system cybersecurity. To allow using ATT&CK concepts in automated reasoning systems, IDA worked with the Army Information Intelligence and Warfare Directorate and CUBRC to create the MITRE Attack Matrix Ontology (MAMO), an ontological representation of ATT&CK. IDA has recently worked with MITRE to create an ontological representation of ESTM, thereby extending automated reasoning about cybersecurity into the domain of embedded systems.