Kill chain

Cyber kill chain

A model describing the stages of a cyber attack, from initial reconnaissance to actions on objectives. The term comes from military usage (stopping an attack by breaking the chain at any stage). In ICS security, you might hear about the “ICS kill chain”, which adapts these stages to control system scenarios (such as initial penetration, then moving into the control network, then manipulating the process). The Lockheed Martin kill chain stages (Recon, Weaponization, Delivery, Exploitation, Installation, Command & Control, Actions) or the MITRE ATT&CK framework can be used to analyze how an attacker might systematically progress toward sabotaging a physical process. The takeaway: thinking in kill-chain terms helps defenders put controls in place to interrupt the adversary early (e.g., catching them in the reconnaissance or delivery phase before any damage is done).
