The CISA booth at the 2023 Black Hat conference in Las Vegas. Image: Jonathan Greig / The Record

CISA, MITRE shore up operational tech networks with adversary emulation platform

The Cybersecurity and Infrastructure Security Agency (CISA) has partnered with the nonprofit MITRE to develop a cyberattack emulation platform specifically for operational technology (OT) networks.

The project is an extension of MITRE Caldera — an open-source tool designed to help cybersecurity officials reduce the amount of time and resources needed for routine cybersecurity testing. Caldera helps cybersecurity teams emulate adversaries, test how platforms respond to attacks, and more.

The OT extension was developed in partnership between the Homeland Security Systems Engineering and Development Institute (HSSEDI) — a federally funded research and development center that is managed and operated by MITRE for the Department of Homeland Security (DHS) — and CISA, in an effort to increase the resiliency of critical infrastructure. The tool is now publicly available as an extension of the original Caldera platform.

Nick Tsamis, chief engineer at MITRE Cybersecurity, told Recorded Future News that cyber teams still face significant challenges becoming comfortable working within the unique constraints of OT systems. Both system installations and the tools available for use are highly specialized.

“One of the key challenges we’re focused on is getting easy-to-use and extensible capabilities in the hands of those tasked with defending critical infrastructure. With Caldera for OT, we seek to empower operational stakeholders to effectively develop and share knowledge, experience, and lessons learned with the larger OT cybersecurity community,” he said.

“We’re eager to continue further development efforts to increase the capabilities provided by this important project.”

Cybersecurity teams in the government and private sector have long used adversary emulation to study ways to better defend information systems, test their response to attacks and measure the quality of their techniques.

Caldera for OT now gives defenders of industrial control systems better options for conducting security assessments and for red-, blue- and purple-teaming.

Eric Goldstein, executive assistant director for cybersecurity at CISA, said cyber threats to OT systems “require a concerted focus on supporting the critical infrastructure community with actionable tools and resources.”

“Through our ongoing collaboration with HSSEDI, we are leveraging our collective expertise and resources to develop innovative measures that safeguard critical systems,” he said.

The initiative evolved out of a collaboration on automated adversary emulation simulations at CISA’s Control Environment Laboratory Resource (CELR), a simulated environment for research on operational technology.

The two organizations identified several adversary techniques that could be emulated and built into Caldera.

OT and ICS systems underpin public transportation, commerce, water, electricity and more.

Cybersecurity experts continue to find severe vulnerabilities in operational technology networks as well as industrial control systems. Researchers from OT security firm Dragos said the number of ransomware attacks on industrial infrastructure grew significantly in 2022, with the firm tracking more than 600 incidents last year.

“Protecting our nation’s critical infrastructure is essential,” said Yosry Barsoum, vice president and director at the Center for Securing the Homeland at MITRE.

“With Caldera for OT, we are pleased to partner with CISA to help defenders of operational technology exercise and improve the defenses of these critical systems.”


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.