Defense Impairment
Details
| ID | PT0009 |
| MITRE ATT&CK ID | TA0112 |
| Created | 2026-06-22 |
| Last Modified | 2026-06-22 |
| Contributors | slashsec |
| Version Permalink | Link |
Description
The adversary is trying to degrade or defeat security controls.
Defense Impairment consists of techniques that interfere with guards, alarms, cameras, sensors, or response procedures so defenders detect or respond less effectively. Examples include tampering with devices, creating false alarms, and blocking lines of sight or communication.
Techniques
| ID | Name | Description |
|---|---|---|
| P0024 | Disable Sensor | Adversaries may deactivate, damage, or bypass physical security sensors so they no longer report events. Disabled sensors reduce detection of movement, entry, or environmental changes across the protected area. |
| P0024.001 | Disable Camera | Adversaries may disable or blind video cameras by cutting power, disconnecting cabling, damaging housings, or using switches and breakers that remove coverage. Camera outages create gaps in visual monitoring along routes and entry points. |
| P0024.002 | Disable Intrusion Sensor | Adversaries may disable intrusion detection devices such as motion detectors, door contacts, glass-break sensors, and beam barriers. Tampering or bypassing these sensors reduces alarm generation when adversaries cross protected boundaries. |
| P0024.003 | Disable Alarm Device | Adversaries may silence or disable audible and visual alarm appliances, panels, or notification paths. Impaired alarm devices delay or prevent staff and responders from learning that a sensor event occurred. |
| P0025 | Block Camera View | Adversaries may obstruct camera fields of view without necessarily disabling the device. Blocking methods include covering lenses, repositioning cameras, introducing blind spots with objects, or using glare and lighting to reduce usable footage. |
| P0026 | Employ Distraction | Adversaries may create events that draw guard or staff attention away from their activity. Distractions degrade effective monitoring and response by flooding defenders with false or competing priorities. |
| P0026.001 | Trigger False Alarm | Adversaries may intentionally cause alarm activations that are not tied to their objective, such as pulling manual stations, tripping sensors, or staging incidents. False alarms consume guard time and can desensitize staff to subsequent events. |
| P0026.002 | Stage Diversion | Adversaries may create non-alarm distractions such as staged disputes, medical incidents, delivery confusion, or commotion in another area. Diversion draws eyes and radios away from the adversary's actual location or route. |