Prerequisites
The adversary needs to have real or fake classified/sensitive information to place on a system
Skills Required
Knowledge of classification levels of systems
The ability to obtain a classified document or information
The ability to fake a classified document
Mitigations
Properly safeguard classified/sensitive data. This includes training cleared individuals to ensure they are handling and disposing of this data properly, as well as ensuring systems only handle information of the classification level they are designed for.
Design systems with redundancy in mind. This could mean creating backing servers that could be switched over to in the event that a server has to be taken down for investigation.
Have a planned and efficient response plan to limit the amount of time a system is offline while the contamination is investigated.
References
REF-742
Managing a “Data Spill”
Florida Industrial Security Working Group (FISWG).
https://fiswg.research.ucf.edu/Documents/PPT/Manage%20a%20Data%20Spill-Contamination%20September%202015.pptx REF-743
data spillage
https://csrc.nist.gov/glossary/term/data_spillage
Submission
Name |
Organization |
Date |
Date Release |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2023-01-24 +00:00 |
Updated Alternate_Terms, Consequences, Description, Example_Instances, Extended_Description, Likelihood_Of_Attack, Mitigations, Prerequisites, References, Related_Attack_Patterns, Skills_Required, Typical_Severity |