MITRE ATT&CK® Detection Strategy

DET0769: Detection of Denial of View

ICS | DET0769 | Detection Strategy | Object v1.0 | Modified

Glexia's Take

Analyst context for executives and security teams

Analyst confidence: Medium

DET0769 is a detection strategy for ICS Denial of View behavior: situations where an adversary disrupts an operator’s ability to see the status of the industrial environment. The business significance is not just a monitoring outage; in ICS, loss of operator visibility can delay safe decision-making, complicate incident response, and weaken confidence in whether processes are operating normally.

Executive priority

Treat this as an operational resilience and cyber-physical risk question: can the organization prove that operators, SOC staff, and incident responders would recognize and escalate a loss of ICS visibility quickly enough to maintain safe operations? Leaders should ask whether loss-of-view scenarios are covered in detection engineering, control room procedures, incident response playbooks, and compliance evidence for monitoring and response readiness.

Technical view

The supplied ATT&CK object has no official detection text, platforms, or tactics, but it explicitly detects ICS technique T0815 Denial of View. SOC and OT defenders should validate monitoring around temporary or sustained communication failures between ICS devices and control sources, especially where operator interfaces recover after interference stops. Detection logic should distinguish expected maintenance, network instability, and device faults from suspicious visibility loss patterns that affect operator oversight.

Likely telemetry

  • ICS/control network communication status and availability events
  • HMI, SCADA, or operator interface availability and error logs where present in the environment
  • Controller, field device, gateway, or control-source connection state changes
  • Network monitoring data showing interruptions, latency, packet loss, or failed sessions between devices and control sources
  • OT incident tickets, maintenance records, and operator shift logs to correlate benign outages or planned work

Detection direction

  • Confirm which systems generate evidence of communication failure between devices and control sources; the ATT&CK object does not specify platforms or data sources.
  • Build or review detections for unexpected loss and restoration of operator visibility, not only total outages.
  • Correlate technical alerts with maintenance windows and known reliability issues to reduce false positives.
  • Validate escalation paths when visibility loss affects operator oversight, because the operational consequence may exceed the apparent duration of the event.
  • Use the relationship to T0815 as the analytic anchor; do not assume broader ATT&CK tactics or platform coverage from this sparse detection-strategy object.
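
One way to implement the loss-and-restoration check with maintenance-window correlation described above, as an added example that is not Glexia's or MITRE's code. The link names, the event format, the 30-second threshold and all sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data. Link names and the (time, link, state) event shape are
# hypothetical; map them to whatever your HMI/SCADA or network monitoring emits.
EVENTS = [
    ("2026-03-02T01:00:05", "hmi01->plc-a", "down"),
    ("2026-03-02T01:20:00", "hmi01->plc-a", "up"),    # fully inside approved window
    ("2026-03-02T01:50:00", "hmi01->plc-a", "down"),
    ("2026-03-02T02:30:00", "hmi01->plc-a", "up"),    # overruns the window
    ("2026-03-02T09:14:10", "hmi01->plc-b", "down"),
    ("2026-03-02T09:15:40", "hmi01->plc-b", "up"),    # view lost, then restored
    ("2026-03-02T10:00:00", "hmi01->plc-b", "down"),
    ("2026-03-02T10:00:05", "hmi01->plc-b", "up"),    # 5 s blip, below threshold
    ("2026-03-02T11:02:00", "hmi02->rtu-7", "down"),  # no restore in the data
]
MAINTENANCE = [("hmi01->plc-a", "2026-03-02T01:00:00", "2026-03-02T02:00:00")]

def ts(text):
    return datetime.fromisoformat(text)

def planned(link, start, end, windows):
    # Suppress only when the whole loss sits inside a window for that link.
    return any(l == link and ts(a) <= start and end <= ts(b) for l, a, b in windows)

def view_loss_alerts(events, windows, data_end, min_loss=timedelta(seconds=30)):
    open_loss, episodes = {}, []
    for stamp, link, state in sorted(events):
        if state == "down":
            open_loss.setdefault(link, ts(stamp))  # repeated "down" keeps first time
        elif state == "up" and link in open_loss:
            episodes.append((link, open_loss.pop(link), ts(stamp), "restored"))
    # Links still down when the data ends are reported as ongoing.
    episodes += [(link, start, data_end, "ongoing") for link, start in open_loss.items()]
    alerts = []
    for link, start, end, status in sorted(episodes, key=lambda e: e[1]):
        if end - start >= min_loss and not planned(link, start, end, windows):
            alerts.append({"link": link, "start": start.isoformat(),
                           "seconds": int((end - start).total_seconds()),
                           "status": status})
    return alerts

if __name__ == "__main__":
    for alert in view_loss_alerts(EVENTS, MAINTENANCE, ts("2026-03-02T11:10:00")):
        print(alert)
```

The restored episodes are kept as alerts on purpose: a view that comes back on its own still needs triage, and a loss that overruns its approved window is not treated as planned work.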

Mitigation priorities

  • Prioritize visibility and alerting for critical ICS communication paths that support operator oversight.
  • Document response procedures for loss-of-view events, including when to involve OT operations, SOC, engineering, and incident response.
  • Maintain operational context such as approved maintenance windows and known unstable links so detections can be tuned responsibly.
  • Test tabletop or validation scenarios for temporary visibility loss and recovery to confirm alerting, triage, and escalation evidence.
  • Use findings to support resilience and compliance discussions around monitoring, incident response readiness, and cyber-physical risk governance.

Analyst notes and limits

This take is based on the DET0769 detection-strategy metadata and its relationship to ICS technique T0815 Denial of View. The most useful defensive work is environment-specific validation: where operator visibility depends on networked control paths, whether those paths are monitored, and whether loss of visibility triggers the right operational and security response.

The official object provides no description, no detection text, no platforms, and no tactics. The related T0815 description is truncated in the supplied data. As a result, this summary avoids claiming specific telemetry requirements, detection coverage, adversary tooling, attribution, active exploitation, or affected platforms beyond the supplied ICS Denial of View relationship.

Official MITRE ATT&CK definition

Detection of Denial of View

No official description is available in the imported ATT&CK source object.

View the same entry on attack.mitre.org (MITRE-hosted reference; in-page links above use the Glexia ATT&CK library.)

Glexia analysis

How security teams should use this page

Treat this object as behavior context, not an attribution claim. Validate the related groups, software, data sources, and mitigations against official ATT&CK relationships and your own telemetry before making control-coverage decisions.

ATT&CK relationship table

Techniques used

This mirrors the MITRE pattern of making group, software, campaign, and technique relationships scannable. Relationship notes come from mirrored ATT&CK relationship text when available.

Domain | ID | Name | Relationship / procedure
ICS | T0815 | Denial of View | This object detects Denial of View.


Change history

Object version and sync metadata

The fields below describe the current mirrored snapshot. When Glexia retains multiple ATT&CK source imports, you can open the table to compare the same object across releases (hashes and MITRE timestamps). For MITRE’s own release notes and roadmap, see ATT&CK resources — Updates.

ATT&CK release: 19.1
Object version: 1.0
Created:
Modified:
Raw hash: a5c9cb8b8e7711d6...

Imported snapshots across ATT&CK releases (1)

Release | Bundle imported | Object version | Modified | Status | Raw hash
19.1 | | 1.0 | | Current bundle | a5c9cb8b8e77…

Raw source

Mirrored ATT&CK source object

The raw object is retained through the mirrored ATT&CK source bundle and object hash. The raw endpoint returns the exact object from the mirrored bundle when available.

Source references

External references and citations

MITRE external references are preserved separately from Glexia analysis so citations remain traceable to their original source records.

  1. mitre-attack DET0769

Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.