Abstract
Industrial organizations often rely on default security configurations, assuming they provide a reliable safety net. This paper presents a preliminary empirical study evaluating Microsoft Sentinel's detection of six Defense Evasion techniques from the MITRE ATT&CK framework, simulated in a controlled laboratory environment using MITRE CALDERA. The results were definitive: without manual intervention, the system remained silent. Detection was achieved only through the development of custom analytics rules in Kusto Query Language (KQL). These findings highlight a critical gap between expected and actual security, demonstrating that active detection testing is essential for meeting the high security standards of the ISA/IEC 62443 framework.
Keywords
cyber resilience
adversary emulation
defense evasion
SIEM detection
MITRE CALDERA
Article history
Published
01.04.2026
Author information
Recommended citation
C. M. CIOBANU, O. R. CHIVU, M. HELSTERN (2026). Cyber Resilience Assessment of Industrial Systems Using Mitre Caldera Adversary Emulation and Siem Detection: A Preliminary Study. Journal of Fiability and Durability, 1(1), 223–230. https://doi.org/10.65631/JFD.1(37).2026.27