This paper analyzes the reported threats to Industrial Control Systems (ICS)/Operational Technology (OT) and identifies common tactics, techniques, and procedures (TTPs) used by threat actors. The paper then uses the MITRE ATT&CK framework to map the common TTPs and provide an understanding of the security controls needed to defend against the reported ICS threats. The paper also includes a review of ICS testbeds and ideas for future research using the identified controls.