misp-galaxy/clusters/mitre-ics-levels.json

{
  "authors": [
    "MITRE"
  ],
  "category": "level",
  "description": "Based on the Purdue Model to aid ATT&CK for ICS users to understand which techniques are applicable to their environment.",
  "name": "Levels",
  "source": "https://collaborate.mitre.org/attackics/index.php/All_Levels",
  "type": "mitre-ics-levels",
  "uuid": "952bcf79-eccd-45ac-9769-f61886bd0264",
  "values": [
    {
      "description": "The I/O network level includes the actual physical processes and sensors and actuators that are directly connected to process equipment.",
      "meta": {
        "Related Assets": [
          "Engineering Workstation https://collaborate.mitre.org/attackics/index.php/Engineering_Workstation",
          "Field Controller/RTU/PLC/IED https://collaborate.mitre.org/attackics/index.php/Field_Controller/RTU/PLC/IED",
          "Safety Instrumented System/Protection Relay https://collaborate.mitre.org/attackics/index.php/Safety_Instrumented_System/Protection_Relay"
        ]
      },
      "uuid": "614c4df5-b65f-4f3c-bb9f-b67549dfce2f",
      "value": "Level 0"
    },
    {
      "description": "The control network level includes the functions involved in sensing and manipulating physical processes. Typical devices at this level are programmable logic controllers (PLCs), distributed control systems, safety instrumented systems and remote terminal units (RTUs).",
      "meta": {
        "Related Assets": [
          "Engineering Workstation https://collaborate.mitre.org/attackics/index.php/Engineering_Workstation",
          "Field Controller/RTU/PLC/IED https://collaborate.mitre.org/attackics/index.php/Field_Controller/RTU/PLC/IED",
          "Human-Machine Interface https://collaborate.mitre.org/attackics/index.php/Human-Machine_Interface",
          "Safety Instrumented System/Protection Relay https://collaborate.mitre.org/attackics/index.php/Safety_Instrumented_System/Protection_Relay"
        ]
      },
      "uuid": "b9b1c942-b419-4919-ba14-40b24b0fbbd5",
      "value": "Level 1"
    },
    {
      "description": "The supervisory control LAN level includes the functions involved in monitoring and controlling physical processes and the general deployment of systems such as human-machine interfaces (HMIs), engineering workstations and historians.",
      "meta": {
        "Related Assets": [
          "Control Server https://collaborate.mitre.org/attackics/index.php/Control_Server",
          "Data Historian https://collaborate.mitre.org/attackics/index.php/Data_Historian",
          "Engineering Workstation https://collaborate.mitre.org/attackics/index.php/Engineering_Workstation",
          "Human-Machine Interface https://collaborate.mitre.org/attackics/index.php/Human-Machine_Interface",
          "Input/Output Server https://collaborate.mitre.org/attackics/index.php/Input/Output_Server"
        ]
      },
      "uuid": "358d768d-5a97-4b1b-b185-044c1dd14357",
      "value": "Level 2"
    }
  ],
  "version": 1
}