What is VATT&EK?
The VATT&EK framework stands for "Vehicle Adversarial Tactics, Techniques, and Expert Knowledge" and was specifically developed to address the cybersecurity challenges in Intelligent Transport Systems (ITS), particularly in the automotive and rail sectors. It is built on the TTP (Tactics, Techniques, and Procedures) approach and offers a structured method for categorizing and analyzing cyberattacks, extending concepts from the MITRE ATT&CK framework. VATT&EK originated from the research project FINESSE, in collaboration with automotive and rail manufacturers, operators, security researchers, and research institutions.
Tactics, Techniques, and Procedures (TTP)
Tactics, Techniques, and Procedures (TTP) are key concepts for describing and analyzing cyberattacks:
- Tactics: The strategic goals or motivations behind an attacker’s actions. They define the "what" of an attack, such as Initial Access or Defense Evasion.
- Techniques: The specific methods or ways attackers use to achieve their goals. They describe the "how" of an attack, such as Phishing or Malware Installation.
- Procedures: The concrete steps or actions attackers perform to implement their techniques. They provide a detailed description of the activities during an attack.
Domains: Automotive and Rail
Automotive: In the automotive sector, vehicles are increasingly connected and use modern technologies like infotainment systems, advanced driver assistance systems (ADAS), and vehicle-to-vehicle communication (V2V). These developments create new attack vectors that attackers can exploit. The VATT&EK framework helps systematically identify and counter these threats by detailing specific tactics and techniques for the automotive sector.
Rail: In the rail sector, railway systems and infrastructures are also becoming increasingly digitalized and connected, making them vulnerable to cyberattacks. The VATT&EK framework provides a structured approach to analyzing and mitigating threats specific to the rail sector’s requirements and challenges. This includes securing communication between trains and infrastructure and protecting critical control systems.