Critical Infrastructure Cybersecurity
A comprehensive threat intelligence platform implementing the MITRE ATT&CK® framework to protect critical infrastructure and enable threat-informed defense strategies.

Institute for Critical Infrastructure Cybersecurity
The World's Leading Cybersecurity Think Tank
The Institute for Critical Infrastructure Cybersecurity (ICIC) is an independent, internationally focused research institute. We study the adversaries who compromise power grids, water systems, hospitals, transport networks, and government institutions. Our work combines traditional threat intelligence with advanced analytical frameworks to produce rigorously verified profiles, campaign reconstructions, and strategic briefings on the world's most consequential hacker groups and APTs.
Research, not remediation. ICIC does not sell tools or manage networks. Instead, we operate as an academic think tank and intelligence lab devoted to understanding the adversary. Our internal analytical stack, built on ARCS, ARCF, OmniSynth, the V Framework, and a superior APT profiling template, transforms open-source intelligence, technical telemetry, and historical incident data into evidence-driven research outputs.
ICIC Service Categories
60 specialized threat intelligence services organized across seven categories, each combining advanced frameworks with real-world intelligence.
Adversary Tactics
Deep analysis of threat actor behaviors, TTPs, campaign patterns, and adversary group profiling.
Analytical Frameworks
Structured methodologies for threat assessment, risk analysis, and intelligence evaluation.
Operational Intelligence
Real-time threat intelligence for active defense operations, incident response, and threat hunting.
Elite Tradecraft
Advanced analysis techniques for sophisticated threats including APT campaigns and zero-day vulnerabilities.
Provenance & Compliance
Audit-ready documentation with cryptographic verification and compliance mapping to NIST CSF, IEC 62443, ISO 27001.
Advanced Training
Scenario-driven training programs for security analysts, threat intelligence teams, and incident responders.
Sectors supported: Energy, Manufacturing, Healthcare, Supply Chain, Transportation, Government
Methodology That Matches Nation-State Tradecraft
Our rigorous analytical approach ensures every assessment meets the highest standards of evidence and auditability.
Multimodal Evidence
Every major conclusion is supported by code artifacts, network telemetry, datasets, images, diagrams, or audio where available.
Crossmodal Corroboration
Claims that cannot be corroborated across modalities are explicitly flagged as provisional and routed into audit workflows.
Risk-Tiered Consensus
High-impact assessments require supermajority consensus under mathematically calibrated thresholds, with dissent preserved.
Regulatory Awareness
Adversary behavior is mapped to regulatory and industry frameworks relevant to critical infrastructure.
Full-Spectrum Provenance
All analytic steps are mapped to machine-readable provenance schemas and cryptographically hash-chained logs for auditability.
Research Outputs
All outputs are generated through our internal analysis workflows and represent the only "services" ICIC provides to the outside world.
Deep profiles of advanced persistent threats and major hacker groups
Forensic reconstructions of high-impact campaigns
Sector-specific threat briefings for critical infrastructure
Methodological papers on adversary modeling, evidence fusion, and auditability
Built for Decision Makers Under Attack
ICIC's research equips these communities with adversary-centric insights they cannot easily obtain from vendor marketing or incident after-action reports.
National & Local Governments
Policy makers and national security agencies
Critical Infrastructure Operators
Energy, water, healthcare, and transportation sectors
Multilateral Organizations
International bodies focused on cyber norms
Academic Researchers
Scholars and investigative journalists
Civil Society Institutes
Policy institutes focused on cyber resilience
Our Mission
Empowering organizations to defend against sophisticated cyber threats through comprehensive threat intelligence and actionable security guidance.
Protect Critical Infrastructure
Provide comprehensive threat intelligence and defensive strategies to safeguard essential services including energy, water, healthcare, and transportation systems.
Enable Threat-Informed Defense
Leverage the MITRE ATT&CK framework to understand adversary behavior and implement targeted security controls based on real-world attack patterns.
Support Security Practitioners
Equip cybersecurity professionals with actionable intelligence, detection rules, and mitigation strategies to defend against sophisticated threats.
Advance Security Knowledge
Serve as a comprehensive educational resource for understanding cyber threats, attack techniques, and defensive best practices.
Platform Capabilities
A comprehensive suite of tools and resources for threat intelligence, detection engineering, and security operations.
Enterprise ATT&CK Matrix
226 techniques and 495+ sub-techniques mapped across 14 tactics
ICS/OT Matrix
82 techniques specific to Industrial Control Systems and SCADA environments
Threat Intelligence
171 threat groups with TTPs, campaigns, and attribution data
Mitigations Library
43 security mitigations mapped to techniques for effective defense
Detection Rules
26 Sigma and YARA rules for threat detection in SIEM and EDR
Export Capabilities
Export data in PDF, STIX 2.1, CSV, and JSON formats
The Global Standard for Threat Intelligence
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, government, and the cybersecurity product and service community.
Tactics
The "why" of an ATT&CK technique - the adversary's tactical goal.
Techniques
The "how" - the means by which adversaries achieve tactical goals.
Procedures
Specific implementations of techniques by adversaries.
Acknowledgments
We acknowledge the following organizations whose work forms the foundation of this platform.
MITRE ATT&CK®
The foundation of this platform, providing the comprehensive knowledge base of adversary tactics and techniques.
CISA
Cybersecurity and Infrastructure Security Agency for threat advisories and critical infrastructure guidance.
NIST
National Institute of Standards and Technology for cybersecurity frameworks and standards.
Sigma Project
Open-source generic signature format for SIEM systems.
Disclaimer
This platform is provided for educational and informational purposes only. The information contained herein is based on publicly available threat intelligence and the MITRE ATT&CK® framework. MITRE ATT&CK® is a registered trademark of The MITRE Corporation. This platform is launched and managed by the Institute for Critical Infrastructure Cybersecurity (ICIC). Users should verify all information and consult with qualified security professionals before implementing any security measures.