Mapping Incidents to ICS ATT&CK

S4 Events 1,361 5 years ago

ATT&CK for ICS is attempting to be an encyclopedia of ICS threat behaviors. Austin Scott of Dragos shows how Dragos uses, and how you can use, ATT&CK for ICS to test and understand detection coverage. He maps the 11 adversary groups that Dragos follows across the 11 ATT&CK for ICS tactics, and provides a detailed example of the threat group behind the Triton/Trisis incident. This example maps both the tactics and the techniques, and shows how you could expand it to be prepared to look for future attacks on different vendors' safety systems.
