OTCAD: Operational Technology Cyber Attack Database

The Operational Technology Cyber Attack Database (OTCAD) consists of OT-related cyber attacks mapped to MITRE’s ATT&CK® for ICS.

At its release, OTCAD contains data of 133 publicly known cyber attacks on OT between 1988 and 2020. Although databases similar to OTCAD exist already, a database of this size has not yet been publicly mapped to a single framework before. The lack of such mapping used to make it hard and time consuming to structurally analyze the OT threat landscape, e.g. to find changes in adversary behavior over time.

OTCAD aims to solve this problem by creating a publicly accessible database that can be extended and adjusted through collaborative means, which is made easy with the use of ATT&CK for ICS. This white paper presents the different information sources used to find the cyber attacks, ranging from sector-specific (white) papers to publicly available databases, and criteria used to create OTCAD.

Furthermore, it presents and discusses some of the trends that exist within OTCAD as an example of its capabilities. The raw data, consisting of the mapping and sources of each attack, and scripts to quickly interact with OTCAD can be found on the Secura Github page.