Threat actors may obtain non-cyber capabilities, primarily physical weapons or systems. These capabilities vary significantly in the types of effects they create, the level of technological sophistication required, and the level of resources needed to develop and deploy them. These diverse capabilities also differ in how they are employed and how easy they are to detect and attribute and the permanence of the effects they have on their target.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.