Live Active security incident? Get immediate response
MITRE ATT&CK® Mitigation

M0806: Minimize Wireless Signal Propagation

Wireless signals frequently propagate outside of organizational boundaries, which provide opportunities for adversaries to monitor or gain unauthorized access to the wireless network. [1] To minimize this threat, organizations should implement measures to detect, understand, and reduce unnecessary RF propagation. [2]

ICSM0806MitigationObject v1.0 Modified
Discuss defensive coverage Back to ATT&CK
Glexia's Take

Analyst context for executives and security teams

Analyst confidence High

Minimizing wireless signal propagation matters because RF signals can extend beyond a facility’s physical boundary, creating an exposure path that does not look like normal network perimeter risk. For ICS environments, this is a cyber-physical concern: wireless access or monitoring opportunities may exist from nearby public or adjacent areas even when wired access is controlled.

Executive priority

Leaders should treat this as a resilience and site-security control, not only a network configuration issue. The key business question is whether critical wireless communications used in operational environments are understood, measured, and limited to the area where they are needed. This mitigation also supports compliance evidence for controls referenced by ATT&CK labels, including IEC 62443 SR/CR 1.6 and NIST SP 800-53 SC-40.

Technical view

SOC, IR, OT security, and facility teams should validate whether RF propagation has been assessed for wireless networks or RF communications relevant to ICS operations. Because ATT&CK provides no detection guidance for this mitigation, coverage depends on local RF surveys, spectrum analysis, direction-finding results, wireless configuration records, and physical boundary context. Relationship context ties this mitigation to Wireless Compromise (T0860) and Wireless Sniffing (T0887), so defenders should assess whether unnecessary signal leakage could enable unauthorized access attempts or passive RF capture.

Likely telemetry

  • RF survey and signal strength measurements inside and outside organizational boundaries
  • Spectrum analysis or RF detection results
  • Direction-finding observations where available
  • Wireless network configuration and access point placement records
  • Facility maps, physical boundary information, and antenna locations

Detection direction

  • Validate that RF monitoring or periodic RF assessment exists; ATT&CK does not provide a native detection analytic for this mitigation.
  • Compare measured wireless coverage against intended operational areas and physical site boundaries.
  • Tune review processes to distinguish expected propagation from unnecessary leakage beyond controlled areas.
  • Use relationship context to prioritize wireless paths that could support Wireless Compromise or Wireless Sniffing.
  • Check for blind spots created by distributed environments, remote control/reporting links, and non-Wi-Fi RF communications that may not appear in standard network monitoring.

Mitigation priorities

  • Inventory wireless and RF communications relevant to ICS operations before changing controls.
  • Measure and document actual signal propagation, including outside organizational boundaries.
  • Reduce unnecessary propagation through placement, antenna selection/orientation, power configuration, shielding or other site-appropriate RF controls.
  • Prioritize critical operational wireless links and areas where public or adjacent access could make signal exposure more material.
  • Maintain compliance-ready evidence: assessment dates, findings, remediation decisions, and residual risk acceptance.
Analyst notes and limits

This object is a course of action, so the practical value is in validating whether wireless exposure is known and reduced. The strongest evidence will usually come from RF assessment data and facility-specific context rather than conventional endpoint or network logs.

Official ATT&CK detection is not provided, and platforms/tactics are not specified. The supplied fields do not support claims about active exploitation, specific vendors, guaranteed detection, or environment-specific exposure. Local RF measurements are required to determine real risk.

Official MITRE ATT&CK definition

Minimize Wireless Signal Propagation

Wireless signals frequently propagate outside of organizational boundaries, which provide opportunities for adversaries to monitor or gain unauthorized access to the wireless network. [1] To minimize this threat, organizations should implement measures to detect, understand, and reduce unnecessary RF propagation. [2]

View the same entry on attack.mitre.org (MITRE-hosted reference; in-page links above use the Glexia ATT&CK library.)

Glexia analysis

How security teams should use this page

Treat this object as behavior context, not an attribution claim. Validate the related groups, software, data sources, and mitigations against official ATT&CK relationships and your own telemetry before making control-coverage decisions.

ATT&CK relationship table

Techniques used

This mirrors the MITRE pattern of making group, software, campaign, and technique relationships scannable. Relationship notes come from mirrored ATT&CK relationship text when available.

2 rows
Domain ID Name Relationship / procedure
ICS T0887 Wireless Sniffing

Reduce the range of RF communications to their intended operating range when possible. Propagation reduction methods may include (i) reducing transmission power on wireless signals, (ii) adjusting antenna gain to prevent extensions beyond organizational boundaries, and (iii) employing RF shielding techniques to block excessive signal propagation. CitationDHS National Urban Security Technology Laboratory April 2019
ICS T0860 Wireless Compromise

Techniques can include (i) reducing transmission power on wireless signals, (ii) adjusting antenna gain to prevent extensions beyond organizational boundaries, and (iii) employing RF shielding techniques to block excessive signal propagation. CitationDHS National Urban Security Technology Laboratory April 2019
Relationship explorer

All related ATT&CK context

mitigates · Technique T0887: Wireless Sniffing ICS mitigates · Technique T0860: Wireless Compromise ICS
Change history

Object version and sync metadata

The fields below describe the current mirrored snapshot. When Glexia retains multiple ATT&CK source imports, you can open the table to compare the same object across releases (hashes and MITRE timestamps). For MITRE’s own release notes and roadmap, see ATT&CK resources — Updates .

ATT&CK release
19.1
Object version
1.0
Created
Modified
Raw hash
0bdfc0d929405aa3...
Imported snapshots across ATT&CK releases (1)
Release Bundle imported Object version Modified Status Raw hash
19.1 1.0 Current bundle 0bdfc0d92940…
Raw source

Mirrored ATT&CK source object

The raw object is retained through the mirrored ATT&CK source bundle and object hash. The raw endpoint returns the exact object from the mirrored bundle when available.

Open mirrored raw JSON Open MITRE-hosted copy
Source references

External references and citations

MITRE external references are preserved separately from Glexia analysis so citations remain traceable to their original source records.

  1. [1]
    CISA March 2010

    CISA 2010, March Securing Wireless Networks Retrieved. 2020/09/17

    Open source URL
  2. [2]
    DHS National Urban Security Technology Laboratory April 2019

    DHS National Urban Security Technology Laboratory 2019, April Radio Frequency Detection, Spectrum Analysis, and Direction Finding Equipment Retrieved. 2020/09/17

    Open source URL
  3. [3]
    mitre-attack M0806
    Open source URL
Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.

Official MITRE ATT&CK site Official STIX data repository MITRE ATT&CK terms of use