Tactics represent the "why" of an ATT&CK technique or sub-technique. It is the adversary's tactical goal: the reason for performing an action. For example, an adversary may want to achieve credential access.
|TA0108||Initial Access||The adversary is trying to get into your ICS environment.|
|TA0104||Execution||The adversary is trying to run code or manipulate system functions, parameters, and data in an unauthorized way.|
|TA0110||Persistence||The adversary is trying to maintain their foothold in your ICS environment.|
The adversary is trying to gain higher-level permissions.
Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities.
|TA0103||Evasion||The adversary is trying to avoid security defenses.|
|TA0102||Discovery||The adversary is locating information to assess and identify their targets in your environment.|
|TA0109||Lateral Movement||The adversary is trying to move through your ICS environment.|
|TA0100||Collection||The adversary is trying to gather data of interest and domain knowledge on your ICS environment to inform their goal.|
|TA0101||Command and Control||The adversary is trying to communicate with and control compromised systems, controllers, and platforms with access to your ICS environment.|
|TA0107||Inhibit Response Function||The adversary is trying to prevent your safety, protection, quality assurance, and operator intervention functions from responding to a failure, hazard, or unsafe state.|
|TA0106||Impair Process Control||The adversary is trying to manipulate, disable, or damage physical control processes.|
|TA0105||Impact||The adversary is trying to manipulate, interrupt, or destroy your ICS systems, data, and their surrounding environment.|