MITRE and the US Cybersecurity and Infrastructure Security Agency (CISA) have collaborated to develop an open-source tool called MITRE Caldera for OT [1]. This tool is designed to enhance cyber defenses and facilitate Factory and Security Acceptance Testing (FAT/SAT) for accurate and repeatable assessments in industrial control systems (ICS).
Description
MITRE Caldera is an extension of the Caldera platform on GitHub [1] [3], specifically created for cyber professionals working with ICS. It enables them to conduct automated adversary emulation exercises, utilizing the MITRE ATT&CK framework [2]. By automating security assessments [2], this open-source adversary emulation platform allows for the emulation of attacks on operational technology systems. Its ultimate goal is to increase the resiliency of critical infrastructure [3].
MITRE Caldera is readily available on GitHub and will continue to expand its coverage to include new environments, protocols [3], and attacks [2] [3]. In collaboration with CISA and other organizations [3], MITRE is actively working on developing and releasing additional open-source modules for Caldera for OT [3].
Conclusion
The development of MITRE Caldera for OT has significant implications for the field of cybersecurity. By providing cyber professionals with a powerful tool for automated adversary emulation exercises, it enhances their ability to defend against cyber threats in industrial control systems. Additionally, the availability of MITRE Caldera on GitHub ensures that it can be easily accessed and utilized by a wide range of professionals.
Looking ahead, the ongoing expansion of MITRE Caldera to cover new environments, protocols [3], and attacks demonstrates a commitment to staying ahead of emerging threats. This collaborative effort between MITRE, CISA [1] [2] [3], and other organizations highlights the importance of open-source tools in strengthening the security of critical infrastructure.
References
[1] https://www.infosecurity-magazine.com/news/mitre-cisa-ot-attack-emulation-tool/
[2] https://allinfosecnews.com/item/mitre-and-cisa-release-caldera-for-ot-attack-emulation-2023-09-06/
[3] https://finance.yahoo.com/news/mitre-cisa-release-open-source-140000594.html
