Fake Industrial Control System (ICS) Honeypot

What is the goal of this operation: To attract and trap adversaries targeting ICS systems, exposing their presence, understanding their TTPs, and gathering intelligence on their tools and motives.

What is the approach of this operation or element? This element focuses on collecting adversary activity data within the honeypot environment, detecting their interactions with the ICS components, and analyzing the information to understand their capabilities and intentions.

This active defense element involves deploying a realistic, yet fake, ICS environment within a segregated network segment. This honeypot mimics real-world ICS components, such as programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, and human-machine interfaces (HMIs). The environment is designed to lure attackers interested in disrupting or sabotaging critical infrastructure.
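
One way the honeypot could turn raw requests sent to a decoy PLC into labelled interaction records, shown as an added example that is not part of the original page. It assumes the fake PLC speaks Modbus/TCP (the page names no protocol); the function names, severity labels, source address and sample frames are constructed for illustration.

```python
import struct

# Function codes from the public Modbus application protocol specification.
READ = {1: "read_coils", 2: "read_discrete_inputs",
        3: "read_holding_registers", 4: "read_input_registers"}
WRITE = {5: "write_single_coil", 6: "write_single_register",
         15: "write_multiple_coils", 16: "write_multiple_registers"}
RECON = {43: "read_device_identification"}


def classify_frame(frame: bytes) -> dict:
    """Decode one Modbus/TCP request seen by the decoy and label the interaction."""
    if len(frame) < 8:  # 7-byte MBAP header plus a function code
        return {"category": "malformed", "reason": "truncated frame"}
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:  # length counts unit id + PDU
        return {"category": "malformed", "reason": "bad protocol id or length"}
    func = frame[7]
    event = {"transaction": tid, "unit": unit, "function": func}
    for category, table in (("write", WRITE), ("read", READ), ("recon", RECON)):
        if func in table:
            event.update(category=category, name=table[func])
            break
    else:
        event.update(category="unknown", name="unlisted_function")
    # Read and write requests carry a 2-byte starting address after the code.
    if event["category"] in ("read", "write") and len(frame) >= 10:
        event["address"] = struct.unpack(">H", frame[8:10])[0]
    return event


def summarize(source_ip: str, frames: list) -> dict:
    """Aggregate one source's interactions into a record for analysts."""
    events = [classify_frame(f) for f in frames]
    counts = {}
    for e in events:
        counts[e["category"]] = counts.get(e["category"], 0) + 1
    # Assumed policy: any contact with a decoy is suspicious, a write more so.
    severity = "high" if counts.get("write") else "medium" if events else "none"
    return {"source": source_ip, "counts": counts, "severity": severity,
            "events": events}


# Constructed sample frames (not captured from any real system).
SAMPLE = [
    bytes.fromhex("000100000006010300000002"),  # read 2 holding registers at 0
    bytes.fromhex("00020000000601060010ffff"),  # write register 0x0010
    bytes.fromhex("000300000005012b0e0100"),    # read device identification
    b"\x00\x01",                                # truncated probe
]
```

Calling `summarize("203.0.113.7", SAMPLE)` yields one record per source with per-category counts, which can be stored alongside the raw frames for later TTP analysis.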