MITRE announces new Caldera for OT plugins with Profinet and IEC 61850

Not-for-profit organization MITRE announced Thursday an updated version of its Caldera for OT (operational technology) plugins. This latest iteration includes Profinet and IEC 61850 plugins, which are open-source and free to use. Organizations can download these plugins for the scalable, automated adversary emulation platform from the organization’s GitHub repository or update existing versions with the latest commit.

“With this update, the Caldera for OT plugins introduce 23 new OT abilities across the 2 new plugins, for a total of 52 distinct OT abilities,” Misha Belisle, Blaine Jeffries, and Devon Colmer wrote in a MITRE Caldera Medium post. “Practitioners are now enabled to execute Profinet Discovery and basic Configuration Protocol (DCP) functionality and IEC 61850 services using the Manufacturing Message Specification (MMS) protocol.”

They added that the new release includes the Profinet protocol and IEC 61850 services using the MMS protocol, which would not have been possible without libIEC61850 and pnio_dcp. The latest plugins come with full documentation, including installation guidance in the repository readme and a thorough capability description accessible in-app through the Caldera ‘fieldmanual’ plugin.

The DCP is a protocol within Profinet used to identify and/or configure other Profinet devices on a given network. A practitioner can leverage this protocol to discover, profile, and even modify Profinet devices. The Profinet plugin adds seven new ATT&CK for ICS mapped abilities to Caldera such as ‘Profinet DCP Identify All’ and ‘Profinet DCP Set-IP.’ The Profinet plugin was developed under the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Control Environment Laboratory Resource (CELR) project.

MMS is one of the IEC 61850 series of power utility automation protocols, which defines an abstract data model and services. A practitioner can leverage this protocol to execute IEC 61850 services to perform collection, inhibit response function, and even impair process control. The IEC 61850 plugin adds 16 new ATT&CK for ICS mapped abilities to Caldera, such as ‘IEC 61850 — Get Logical Nodes’ and ‘IEC 61850 — Control.’ 

“We continue to expand the capabilities of this platform and thank our partners at Cybersecurity and Infrastructure Security Agency for their contribution of the Profinet work,” Mark Bristow, director of MITRE’s Cyber Infrastructure Protection Innovation Center (CIPIC), wrote in a LinkedIn post. “Looking forward to continuing to support the OT security community with this open-source testing solution.”

In September, MITRE announced the release of Caldera for OT by its MITRE Caldera team. This collection of Caldera plugins offers comprehensive support for popular industrial protocols. These initial Caldera for OT extensions were developed in partnership with the Homeland Security Systems Engineering and Development Institute (HSSEDI), a federally funded research and development center that is managed and operated by MITRE for the U.S. Department of Homeland Security (DHS), and CISA to increase the resiliency of critical infrastructure.
