Defending OT with ATT&CK - Threats and Vulnerabilities in Critical Infrastructure
Cloud Security Alliance via YouTube
Overview
Explore a 30-minute presentation from the Threats & Vulnerabilities Summit 2025 that introduces CTID's threat modeling methodology for identifying adversarial threats and attack vectors targeting Critical Infrastructure, with emphasis on both IT and OT environments. Through a detailed case study of the Russian APT group Sandworm, examine their recent cyberattack on Ukraine's Electric Power Plant and the key tactics, techniques, and procedures (TTPs) used to exploit vulnerabilities in critical operational systems.

Led by Adrian Garcia Gonzalez, Lead Cloud Cybersecurity Architect at MITRE Corporation, the session covers an overview of CTID's threat modeling methodology for critical infrastructure, how adversaries target IT and OT systems in critical sectors, a comprehensive analysis of Sandworm's attack on Ukraine's Electric Power Plant, and key TTPs used in real-world infrastructure exploitation.

Access additional cloud security resources from the Cloud Security Alliance, including the Top Threats to Cloud Computing 2024 Report, CSA's Research and Knowledge Base, the AI Safety Initiative, online training, and opportunities to share expertise as a research volunteer.
Syllabus
Defending OT with ATT&CK | Threats & Vulnerabilities Summit 2025
Taught by
Cloud Security Alliance