MITRE Debuts Cyber Risk Analysis & Adversarial Emulation Tools to Secure Critical Infrastructure

Infrastructure Susceptibility Analysis & MITRE Caldera for Operational Technology test effective cybersecurity recommendations to stop real-world adversaries & validate current efforts

SAN FRANCISCO--()--How do we ensure the reliability of key community services such as clean water and consistent power? Cyber vulnerabilities and weaknesses are everywhere within critical infrastructure, but which vulnerabilities must be mitigated first? At RSA 2023, MITRE is showcasing its Infrastructure Susceptibility Analysis (ISA) to identify and prioritize mitigations by looking at how adversaries compromise infrastructure and what is needed to stop them. MITRE also is launching its MITRE CalderaTM for OT tool, which allows security teams to run automated adversary emulation exercises that are specifically targeted against operational technology (OT).

“Cybersecurity within critical infrastructure is paramount for national security, the economy, and the safety of the public,” said Mark Bristow, director, Cyber Infrastructure Protection Innovation Center, MITRE. “OT and industrial control systems (ICS) need innovative security solutions in order to be more resilient against increasing cyber threats. Often, a compliance-based approach has been taken to ICS cybersecurity which ultimately focuses on ‘easy to measure’ security controls like patch levels and password complexity. Instead, MITRE is offering better ways to measure risk and emulate threats that allow us to prioritize which potential scenarios would have the most impact on essential community services.”

How can ICS/OT organizations prioritize their cybersecurity efforts?

Many organizations struggle to assess risk and prioritize their cybersecurity efforts for their OT systems. Leveraging a traditional IT playbook without an OT-specific solution does not provide enough coverage. MITRE’s ISA methodology indicates which risks to prioritize based on the OT system’s susceptibility to adversaries and its current architecture. ISA expands on current threat intelligence approaches, using risk-based context, to enable organizations to reduce the risk to their operational environments.

MITRE constructed its ISA methodology by building on several existing MITRE capabilities and research areas, including MITRE ATT&CK® for ICS, CAPEC™, and Threat-Informed Failure Scenario Development to build a new model that allows asset owners to assess the most likely adversary kill chains. The result is a multi-step and evolved process, which assists organizations with understanding the potential effects of cyber-attacks at a highly technical level. At the same time, these technology-specific insights are combined with distilled threat information to generate actionable intelligence for OT systems.

How can ICS/OT organizations know their cyber defenses are robust?

“During the last few years, OT owners and operators have made significant investments to increase their security postures. While these investments are a great step forward, many of these capabilities have not been thoroughly validated to ensure they are working as designed,” added Bristow. “Instead, MITRE Caldera for OT enables security teams to evaluate their cyber defenses against known OT adversaries.”

OT security teams can leverage MITRE Caldera for OT as an automated, preventive tool to examine their OT cyber environment and determine if there are any existing vulnerabilities that adversaries could exploit or gaps in their security architecture. MITRE Caldera for OT, as part of the MITRE Caldera framework, provides OT-focused plug-ins to enhance red or blue team training, product testing and evaluation, or even measurement against acceptance testing milestones. Built on the MITRE ATT&CK for ICS framework, MITRE Caldera for OT emulates the attack path and attacker capabilities that are defined either through ATT&CK for ICS or other custom-built plug-ins.

During RSA 2023 in San Francisco, attendees can learn more about ISA during a conference presentation on April 24 at 1:10 p.m., and more about MITRE Caldera for OT during a Meet the Expert presentation on April 25 at 1:30 p.m. in MITRE’s booth (#4438) in the Moscone South Hall. The week after RSA, attendees at SANS’ ICS Security Summit in Orlando can see MITRE Caldera for OT demonstrated in person. MITRE’s capabilities in securing critical infrastructure also will be showcased at the ICS Village Hack the Capitol event, May 10-11, hosted at MITRE’s headquarters in McLean, Va. For companies who would like more information about MITRE’s full range of OT expertise and capabilities, contact


MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. Learn more at


Media: Lisa Fasold,

Social Media Profiles


Media: Lisa Fasold,