ICS within the NIS Directive should be ATT&CK®ed
In August 2016, the European Parliament and the Council of the European Union implemented the first piece of legislation specifically addressing the cybersecurity of its Network and Information Systems (also known as the NIS Directive, or NISD). The NIS Directive (European Commission, 2016) required that member states transpose the Directive into local law by May 2018 and self-select the in-scope Operators of Essential Services (OES) by November 2018. To assist with the short time frames, the European Union Agency for Cybersecurity published a guideline (ENISA, 2018) that maps the security requirements set out in the NIS Directive to existing industry standards for specific sectors. Some of these included the North American Electric Reliability Corporation Critical Infrastructure Protection Standards (NERC CIP), National Institute of Standards and Technology (NIST), and International Organization for Standardization (ISO). Given the increased focus of malicious actors on targeting Industrial Control Systems (ICS) and Operational Technology (OT) assets, does the NIS Directive have a meaningful impact on protecting industrial assets and public safety? Rather than recommending industry-specific standards, what is the effect when it is complemented with the common Tactics, Techniques, and Procedures (TTPs) identified by the MITRE ATT&CK® for ICS (Mitre, 2020) framework?
25 Aug 2021
