Tactics represent the "why" of an ATT&CK technique or sub-technique. It is the adversary's tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access.
| ID | Name | Description |
|---|---|---|
| TA0108 | Initial Access | The adversary is trying to get into your ICS environment. |
| TA0104 | Execution | The adversary is trying to run code or manipulate system functions, parameters, and data in an unauthorized way. |
| TA0110 | Persistence | The adversary is trying to maintain their foothold in your ICS environment. |
| TA0111 | Privilege Escalation | The adversary is trying to gain higher-level permissions. |
| TA0103 | Evasion | The adversary is trying to avoid security defenses. |
| TA0102 | Discovery | The adversary is locating information to assess and identify their targets in your environment. |
| TA0109 | Lateral Movement | The adversary is trying to move through your ICS environment. |
| TA0100 | Collection | The adversary is trying to gather data of interest and domain knowledge on your ICS environment to inform their goal. |
| TA0101 | Command and Control | The adversary is trying to communicate with and control compromised systems, controllers, and platforms with access to your ICS environment. |
| TA0107 | Inhibit Response Function | The adversary is trying to prevent your safety, protection, quality assurance, and operator intervention functions from responding to a failure, hazard, or unsafe state. |
| TA0106 | Impair Process Control | The adversary is trying to manipulate, disable, or damage physical control processes. |
| TA0105 | Impact | The adversary is trying to manipulate, interrupt, or destroy your ICS systems, data, and their surrounding environment. |