MITRE Caldera for OT tool streamlines cybersecurity assessments, helps defenders better respond to adversary behavior

Not-for-profit organization MITRE released its MITRE Caldera for OT tool at the ongoing RSA 2023 conference. The tool allows security teams to run automated adversary emulation exercises against OT (operational technology) environments. Built on the MITRE ATT&CK for ICS framework, MITRE Caldera for OT emulates attack paths and attacker capabilities defined either in ATT&CK for ICS or in custom-built plug-ins, enabling organizations to apply cyber risk analysis and adversary emulation to securing critical infrastructure environments.

As part of the MITRE Caldera framework, MITRE Caldera for OT provides OT-focused plug-ins that support red and blue team training, product testing and evaluation, and even measurement against acceptance-testing milestones. OT security teams can also use MITRE Caldera for OT as an automated, preventive tool to examine their OT environment and determine whether it contains vulnerabilities that adversaries could exploit or gaps in its security architecture.

MITRE Caldera is a scalable, automated adversary emulation platform developed by MITRE that lets cyber practitioners save time, money, and effort through automated security assessments, reducing the time and resources needed for routine cybersecurity testing.

Many organizations struggle to assess risk and prioritize cybersecurity efforts for their OT systems, and applying a traditional IT playbook without an OT-specific solution does not provide enough coverage. MITRE’s Infrastructure Susceptibility Analysis (ISA) methodology indicates which risks to prioritize based on an OT system’s susceptibility to adversaries and its current architecture. ISA expands on current threat intelligence approaches with risk-based context, enabling organizations to reduce the risk to their operational environments.

MITRE built the ISA methodology on several existing MITRE capabilities and research areas, including MITRE ATT&CK for ICS, CAPEC, and Threat-Informed Failure Scenario Development, producing a new model that allows asset owners to assess the most likely adversary kill chains. The result is a multi-step, evolved process that helps organizations understand the potential effects of cyber-attacks at a highly technical level.

At the same time, these technology-specific insights are combined with distilled threat information to generate actionable intelligence for OT systems, MITRE added.

MITRE ATT&CK for ICS focuses on the tactics and techniques of adversaries whose primary goal is disrupting an industrial control process, including supervisory control and data acquisition (SCADA) systems and other control system configurations.

“Cybersecurity within critical infrastructure is paramount for national security, the economy, and the safety of the public,” Mark Bristow, director of MITRE’s Cyber Infrastructure Protection Innovation Center (CIPIC), said in a media statement. “OT and industrial control systems (ICS) need innovative security solutions in order to be more resilient against increasing cyber threats.” 

Bristow added that, often, a compliance-based approach has been taken to ICS cybersecurity, which ultimately focuses on ‘easy to measure’ security controls like patch levels and password complexity. “Instead, MITRE is offering better ways to measure risk and emulate threats that allow us to prioritize which potential scenarios would have the most impact on essential community services.”

“During the last few years, OT owners and operators have made significant investments to increase their security postures. While these investments are a great step forward, many of these capabilities have not been thoroughly validated to ensure they are working as designed,” added Bristow. “Instead, MITRE Caldera for OT enables security teams to evaluate their cyber defenses against known OT adversaries.” 

At the conference, MITRE is also showcasing its Infrastructure Susceptibility Analysis (ISA), which identifies and prioritizes mitigations by examining how adversaries compromise infrastructure and what is needed to stop them. ISA is a systematic, repeatable process intended to keep organizations ahead of cyber adversaries. Its analytic methodologies are forward-leaning, combining traditional cyber threat intelligence with systems and safety engineering expertise to understand which cyber-attacks are possible and probable.

Beyond validating current efforts, Infrastructure Susceptibility Analysis and MITRE Caldera for OT test whether cybersecurity recommendations are effective at stopping real-world adversaries.

Last month, MITRE debuted its System of Trust framework to address supply chain security challenges, providing the foundation needed for understanding supply chain risks. The framework focuses on identifying and assessing supply chain security risks, while also delivering assessment techniques. It will also be crucial to securing ‘robust and resilient’ supply chains, partners, components, and systems that are globally manufactured.
