Assess security posture of physical locations

Physical access may be required for certain types of adversarial actions. [1] [2]

ID: T1302

Tactic: Organizational Weakness Identification

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Physical security personnel are often unaware of the implications of physical access to the network. However, some organizations have thorough physical security measures that would log and report attempted incursions, perimeter breaches, unusual RF at a site, etc.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Social engineering and OSINT are still generally successful. Physical locations of offices/sites are easily determined. Monitoring for other sites of interest, such as backup storage vendors, is also easy to accomplish.

References

  1. Doug MacDonald, Samuel L Clements, Scott W Patrick, Casey Perkins, George Muller, Mary J Lancaster, Will Hutton. (2013, February). Cyber/physical security vulnerability assessment integration. Retrieved March 6, 2017.
  2. J. Depoy, J. Phelan, P. Sholander, B. Smith, G.B. Varnado and G. Wyss. (2015). RISK ASSESSMENT for PHYSICAL AND CYBER ATTACKS on CRITICAL INFRASTRUCTURES. Retrieved March 6, 2017.