MITRE Caldera for OT tool enables security teams to run automated adversary emulation exercises

MITRE is launching its MITRE Caldera for OT tool, which allows security teams to run automated adversary emulation exercises that are specifically targeted against operational technology (OT).

At RSA Conference 2023, MITRE is also showcasing its Infrastructure Susceptibility Analysis (ISA) to identify and prioritize mitigations by looking at how adversaries compromise infrastructure and what is needed to stop them.

“Cybersecurity within critical infrastructure is paramount for national security, the economy, and the safety of the public,” said Mark Bristow, director, Cyber Infrastructure Protection Innovation Center, MITRE.

“OT and industrial control systems (ICS) need innovative security solutions in order to be more resilient against increasing cyber threats. Often, a compliance-based approach has been taken to ICS cybersecurity which ultimately focuses on ‘easy to measure’ security controls like patch levels and password complexity. Instead, MITRE is offering better ways to measure risk and emulate threats that allow us to prioritize which potential scenarios would have the most impact on essential community services,” Bristow continued.

How can ICS/OT organizations prioritize their cybersecurity efforts?

Many organizations struggle to assess risk and prioritize their cybersecurity efforts for their OT systems. Leveraging a traditional IT playbook without an OT-specific solution does not provide enough coverage.

MITRE’s ISA methodology indicates which risks to prioritize based on the OT system’s susceptibility to adversaries and its current architecture. ISA expands on current threat intelligence approaches, using risk-based context, to enable organizations to reduce the risk to their operational environments.

MITRE constructed its ISA methodology by building on several existing MITRE capabilities and research areas, including MITRE ATT&CK for ICS, CAPEC, and Threat-Informed Failure Scenario Development to build a new model that allows asset owners to assess the most likely adversary kill chains.

The result is a multi-step and evolved process, which assists organizations with understanding the potential effects of cyber-attacks at a highly technical level. At the same time, these technology-specific insights are combined with distilled threat information to generate actionable intelligence for OT systems.

How can ICS/OT organizations know their cyber defenses are robust?

“During the last few years, OT owners and operators have made significant investments to increase their security postures. While these investments are a great step forward, many of these capabilities have not been thoroughly validated to ensure they are working as designed,” added Bristow. “Instead, MITRE Caldera for OT enables security teams to evaluate their cyber defenses against known OT adversaries.”

OT security teams can leverage MITRE Caldera for OT as an automated, preventive tool to examine their OT cyber environment and determine if there are any existing vulnerabilities that adversaries could exploit or gaps in their security architecture.

MITRE Caldera for OT, as part of the MITRE Caldera framework, provides OT-focused plug-ins to enhance red or blue team training, product testing and evaluation, or even measurement against acceptance testing milestones.

Built on the MITRE ATT&CK for ICS framework, MITRE Caldera for OT emulates the attack path and attacker capabilities that are defined either through ATT&CK for ICS or other custom-built plug-ins.