MITRE and CISA Release OT Attack Emulation Tool

A new open source tool designed to emulate cyber-attacks against operational technology (OT) has been released by MITRE and the US Cybersecurity and Infrastructure Security Agency (CISA).

MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform on GitHub. This will enable cyber professionals working with industrial control systems (ICS) to run automated adversary emulation exercises, with the purpose of consistently testing and boosting their cyber defenses. This also encompasses security assessments and red, blue and purple-teaming exercises.

This Caldera extension for OT was developed in partnership between the Homeland Security Systems Engineering and Development Institute (HSSEDI), a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security (DHS), and CISA.

The initiative feeds into the federal government’s ambition to harden the security of critical infrastructure, such as water and energy, that relies on OT. This aim was fleshed out in the US National Cybersecurity Strategy in March 2023, and President Biden’s Executive Order on Improving the Nation’s Cybersecurity in May 2021.

Commenting on the announcement, Eric Goldstein, executive assistant director for cybersecurity at CISA, said: “Continued cyber threats to OT systems require a concerted focus on supporting the critical infrastructure community with actionable tools and resources.

“Through our ongoing collaboration with HSSEDI, we are leveraging our collective expertise and resources to develop innovative measures that safeguard critical systems.”

The OT extension was built upon work from CISA and HSSEDI to automate adversary emulation simulations in CISA’s Control Environment Laboratory Resource (CELR). This enabled the identification of adversary techniques that could be built in Caldera.

MITRE, a non-profit that created the widely used ATT&CK framework for mapping threat actors’ techniques, tactics and procedures (TTPs), discussed its work in emulating attack processes and TTPs during Black Hat USA 2023.

It is currently working internally and with CISA and other organizations to release the next set of Caldera for OT open source modules.

Yosry Barsoum, vice president and director of the Center for Securing the Homeland at MITRE, said: “Protecting our nation’s critical infrastructure is essential. With Caldera for OT, we are pleased to partner with CISA to help defenders of operational technology exercise and improve the defenses of these critical systems.”
