Use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, API call, etc. behavior. (M1040 Behavior Prevention on Endpoint, MITRE ATT&CK®, Enterprise Mitigations, Version 13.1)
Wireless device communications should be encrypted and integrity-protected. The encryption must not degrade the operational performance of the end device. Encryption at OSI Layer 2 should be considered, rather than at Layer 3 to reduce encryption latency. The use of hardware accelerators to perform … (§ 6.2.1.5 ICS-specific Recommendations and Guidance ¶ 1 Bullet 6, Guide to Industrial Control Systems (ICS) Security, Revision 2)