MITRE & CISA Release Open-Source MITRE Caldera™ Extension for Operational Technology

MCLEAN, Va. & BEDFORD, Mass.--(BUSINESS WIRE)--MITRE Caldera™ for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT).

The first Caldera for OT extensions were developed in partnership between the Homeland Security Systems Engineering and Development Insititute™ (HSSEDI), a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security (DHS), and the Cybersecurity and Infrastructure Security Agency (CISA) to increase the resiliency of critical infrastructure.

Adversary emulation has long helped defenders of information systems to exercise and improve their cyber defenses by using real adversary techniques. As an open-source, scalable adversary emulation platform with MITRE ATT&CK^® as its backbone, Caldera helps cyber defenders save time, money, and energy by automating adversary emulation operations, security assessments, and red-, blue-, and purple-teaming. With the release of Caldera for OT, defenders of industrial control systems now have this same benefit. Caldera for OT also enables Factory and Security Acceptance Testing (FAT/SAT), where a reliable and consistent testing process is critical to ensure an accurate and repeatable assessment.

“Protecting our nation’s critical infrastructure is essential. With Caldera for OT, we are pleased to partner with CISA to help defenders of operational technology exercise and improve the defenses of these critical systems,” said Yosry Barsoum, vice president and director, Center for Securing the Homeland at MITRE.

This work emerged from CISA and HSSEDI’s collaboration to automate adversary emulation simulations in CISA’s Control Environment Laboratory Resource (CELR), a simulated environment for research on operational technology. CISA and HSSEDI identified adversary techniques to emulate and built them into Caldera. These techniques and abilities form the foundation of the Caldera for OT extensions. To date, CISA has used Caldera to help its government and industry partners learn how best to address threats to their OT systems.

“Continued cyber threats to OT systems require a concerted focus on supporting the critical infrastructure community with actionable tools and resources,” said Eric Goldstein, executive assistant director for cybersecurity, CISA. “Through our ongoing collaboration with HSSEDI, we are leveraging our collective expertise and resources to develop innovative measures that safeguard critical systems. Caldera for OT, as well as CELR, can help critical infrastructure owners and operators protect their systems against emerging threats.”

Our nation’s critical infrastructure—including public transportation, commerce, clean water, and electricity—relies on operational technology, but that technology often has weak security spots. Caldera for OT empowers security teams with new tools to help ensure the safe and secure function of critical infrastructure, thus improving our nation’s resiliency posture.

Caldera for OT is now available on GitHub. As an open-source platform, Caldera for OT will continue to expand to new environments, protocols, and attacks. MITRE appreciates CISA’s partnership in contributing the first set of modules and is already working internally, with CISA, and with other organizations to develop and release the next set of Caldera for OT open-source modules.

To learn more, read Caldera’s blog on today’s release.

About CISA
As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day. Visit CISA.gov for more information.

About HSSEDI
The Homeland Security Systems Engineering and Development Institute (HSSEDI) drives discoveries that improve our nation’s safety and make our institutions more resilient in the face of threats. Since 2009, MITRE has operated HSSEDI serving as a national resource and objective adviser for accelerating homeland security impact.

About MITRE
MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and as an operator of federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. Learn more at mitre.org.