Live Active security incident? Get immediate response
MITRE ATT&CK® Matrix

ICS ATT&CK Matrix

A Glexia-styled visualization of ATT&CK tactics and techniques. This is not the MITRE Navigator UI and does not imply MITRE endorsement.

Matrix workbench

97 techniques and sub-techniques mapped across 12 tactics

Use this as a fast defensive coverage map. Each cell links to the normalized Glexia detail page with official source attribution and relationship context.

EnterpriseMobileICS
TA0100

Collection

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0101

Command and Control

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0102

Discovery

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0103

Evasion

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0104

Execution

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0105

Impact

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0106

Impair Process Control

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0107

Inhibit Response Function

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0108

Initial Access

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0109

Lateral Movement

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0110

Persistence

0 techniques

No current techniques are mapped to this tactic in the normalized data.

TA0111

Privilege Escalation

0 techniques

No current techniques are mapped to this tactic in the normalized data.

Browse

Unmapped / all techniques

97 techniques

T0800 Activate Firmware Update Mode None T0801 Monitor Process State None T0802 Automated Collection None T0806 Brute Force I/O None T0807 Command-Line Interface None T0809 Data Destruction None T0811 Data from Information Repositories None T0813 Denial of Control None T0814 Denial of Service None T0815 Denial of View None T0816 Device Restart/Shutdown None T0817 Drive-by Compromise None T0819 Exploit Public-Facing Application None T0820 Exploitation for Evasion None T0821 Modify Controller Tasking None T0822 External Remote Services None T0823 Graphical User Interface None T0826 Loss of Availability None T0827 Loss of Control None T0828 Loss of Productivity and Revenue None T0829 Loss of View None T0830 Adversary-in-the-Middle None T0831 Manipulation of Control None T0832 Manipulation of View None T0834 Native API None T0835 Manipulate I/O Image None T0836 Modify Parameter None T0837 Loss of Protection None T0838 Modify Alarm Settings None T0840 Network Connection Enumeration None T0842 Network Sniffing None T0843 Program Download None T0843.001 Download All ICS T0843.002 Online Edit ICS T0843.003 Program Append ICS T0845 Program Upload None T0846 Remote System Discovery None T0846.001 Port Scan ICS T0846.002 Broadcast Discovery ICS T0846.003 Multicast Discovery ICS T0847 Replication Through Removable Media None T0848 Rogue Master None T0849 Masquerading None T0851 Rootkit None T0852 Screen Capture None T0853 Scripting None T0858 Change Operating Mode None T0859 Valid Accounts None T0860 Wireless Compromise None T0861 Point & Tag Identification None T0862 Supply Chain Compromise None T0863 User Execution None T0864 Transient Cyber Asset None T0865 Spearphishing Attachment None T0866 Exploitation of Remote Services None T0867 Lateral Tool Transfer None T0868 Detect Operating Mode None T0869 Standard Application Layer Protocol None T0871 Execution through API None T0872 Indicator Removal on Host None T0873 Project File Infection None T0873.001 Siemens Project File Format ICS T0874 Hooking None T0877 I/O Image None T0878 Alarm Suppression None T0879 Damage to Property None T0880 Loss of Safety None T0881 Service Stop None T0882 Theft of Operational Information None T0883 Internet Accessible Device None T0884 Connection Proxy None T0885 Commonly Used Port None T0886 Remote Services None T0887 Wireless Sniffing None T0888 Remote System Information Discovery None T0889 Modify Program None T0890 Exploitation for Privilege Escalation None T0892 Change Credential None T0893 Data from Local System None T0894 System Binary Proxy Execution None T0895 Autorun Image ICS T1691 Block Operational Technology Message ICS T1691.001 Command Message ICS T1691.002 Reporting Message ICS T1692 Unauthorized Message ICS T1692.001 Command Message ICS T1692.002 Reporting Message ICS T1693 Modify Firmware ICS T1693.001 System Firmware ICS T1693.002 Module Firmware ICS T1694 Insecure Credentials ICS T1694.001 Default Credentials ICS T1694.002 Hardcoded Credentials ICS T1695 Block Communications ICS T1695.001 Serial COM ICS T1695.002 Ethernet ICS T1695.003 Wi-Fi ICS

Exports

Structured JSON, CSV, and Navigator-layer export generation will use the normalized reference records after full sync. The current page is intentionally lightweight and source-backed.

Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.

Official MITRE ATT&CK site Official STIX data repository MITRE ATT&CK terms of use