{"description": "ICS techniques mitigated by Data Backup, ATT&CK mitigation M0953 (v1.0)", "name": "Data Backup (M0953)", "domain": "ics-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T0892", "comment": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.  Maintain and exercise incident response plans  (Citation: Department of Homeland Security October 2009), including the management of gold-copy back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0809", "comment": "Utilize central storage servers for critical operations where possible (e.g., historians) and keep remote backups. For outstations, use local redundant storage for event recorders. Have backup control system platforms, preferably as hot-standbys to respond immediately to data destruction events. (Citation: National Institute of Standards and Technology April 2013)\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0813", "comment": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.  Maintain and exercise incident response plans (Citation: Department of Homeland Security October 2009), including the management of gold-copy back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0815", "comment": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.  Maintain and exercise incident response plans  (Citation: Department of Homeland Security October 2009), including the management of gold-copy back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0826", "comment": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.  Maintain and exercise incident response plans  (Citation: Department of Homeland Security October 2009), including the management of gold-copy back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0827", "comment": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.  Maintain and exercise incident response plans  (Citation: Department of Homeland Security October 2009), including the management of gold-copy back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0828", "comment": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.  Maintain and exercise incident response plans  (Citation: Department of Homeland Security October 2009), including the management of gold-copy back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0829", "comment": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.  Maintain and exercise incident response plans  (Citation: Department of Homeland Security October 2009), including the management of gold-copy back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0831", "comment": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.  Maintain and exercise incident response plans  (Citation: Department of Homeland Security October 2009), including the management of gold-copy back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T0832", "comment": "Take and store data backups from end user systems and critical servers. Ensure backup and storage systems are hardened and kept separate from the corporate network to prevent compromise.  Maintain and exercise incident response plans  (Citation: Department of Homeland Security October 2009), including the management of gold-copy back-up images and configurations for key systems to enable quick recovery and response from adversarial activities that impact control, view, or availability.\n", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Data Backup", "color": "#66b1ff"}]}