{"description": "ICS techniques mitigated by Static Network Configuration, ATT&CK mitigation M0814 (v1.2)", "name": "Static Network Configuration (M0814)", "domain": "ics-attack", "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"}, "techniques": [{"techniqueID": "T0830", "comment": "Statically defined ARP entries can prevent manipulation and sniffing of switched network traffic, as some AiTM techniques depend on sending spoofed ARP messages to manipulate network host's dynamic ARP tables.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0878", "comment": "Unauthorized connections can be prevented by statically defining the hosts and ports used for automation protocol connections.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1691", "comment": "Unauthorized connections can be prevented by statically defining the hosts and ports used for automation protocol connections.", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1691.001", "comment": "Unauthorized connections can be prevented by statically defining the hosts and ports used for automation protocol connections.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1691.002", "comment": "Unauthorized connections can be prevented by statically defining the hosts and ports used for automation protocol connections.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T0842", "comment": "Statically defined ARP entries can prevent manipulation and sniffing of switched network traffic, as some AiTM techniques depend on sending spoofed ARP messages to manipulate network host's dynamic ARP tables.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0846", "comment": "ICS environments typically have more statically defined devices, therefore minimize the use of both IT discovery protocols (e.g., DHCP, LLDP) and discovery functions in automation protocols.(Citation: D. Parsons and D. Wylie September 2019)(Citation: Colin Gray) Examples of automation protocols with discovery capabilities include OPC UA Device Discovery(Citation: Josh Rinaldi April 2016), BACnet(Citation: Aditya K Sood July 2019), and Ethernet/IP.(Citation: Langner November 2018)\n", "score": 1, "showSubtechniques": true}, {"techniqueID": "T0846.001", "comment": "ICS environments typically have more statically defined devices, therefore minimize the use of both IT discovery protocols (e.g., DHCP, LLDP) and discovery functions in automation protocols.(Citation: D. Parsons and D. Wylie September 2019)(Citation: Colin Gray) Examples of automation protocols with discovery capabilities include OPC UA Device Discovery(Citation: Josh Rinaldi April 2016), BACnet(Citation: Aditya K Sood July 2019), and Ethernet/IP.(Citation: Langner November 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T0846.002", "comment": "ICS environments typically have more statically defined devices, therefore minimize the use of both IT discovery protocols (e.g., DHCP, LLDP) and discovery functions in automation protocols.(Citation: D. Parsons and D. Wylie September 2019)(Citation: Colin Gray) Examples of automation protocols with discovery capabilities include OPC UA Device Discovery(Citation: Josh Rinaldi April 2016), BACnet(Citation: Aditya K Sood July 2019), and Ethernet/IP.(Citation: Langner November 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T0846.003", "comment": "ICS environments typically have more statically defined devices, therefore minimize the use of both IT discovery protocols (e.g., DHCP, LLDP) and discovery functions in automation protocols.(Citation: D. Parsons and D. Wylie September 2019)(Citation: Colin Gray) Examples of automation protocols with discovery capabilities include OPC UA Device Discovery (Citation: Josh Rinaldi April 2016), BACnet(Citation: Aditya K Sood July 2019), and Ethernet/IP.(Citation: Langner November 2018)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T0888", "comment": "ICS environments typically have more statically defined devices, therefore minimize the use of both IT discovery protocols (e.g., DHCP, LLDP) and discovery functions in automation protocols. (Citation: D. Parsons and D. Wylie September 2019) (Citation: Colin Gray) Examples of automation protocols with discovery capabilities include OPC UA Device Discovery  (Citation: Josh Rinaldi April 2016), BACnet  (Citation: Aditya K Sood July 2019), and Ethernet/IP. (Citation: Langner November 2018)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Static Network Configuration", "color": "#66b1ff"}]}