Adversary emulation exercises using our open-source Caldera™ for Operational Technology platform enable critical infrastructure operators of all sizes to prepare for mounting cyber attacks.
MITRE Connects: Protecting U.S. Critical Infrastructure
Last fall, an Iranian government-linked group hacked a small water authority serving 15,000 residents in Pittsburgh. The breach, one of several by the same state actor, targeted Israeli-made equipment in response to the Israel-Hamas war.
The attack was identified, averted, and didn’t ultimately affect civilian end users, but the incident served as a reminder of our nation’s critical infrastructure vulnerabilities against the backdrop of an increasingly contentious geopolitical landscape.
Earlier this year, in an op-ed in The Hill, our Chief Technology Officer Charles Clancy sounded the alarm about China’s dramatically escalating threats. President Xi Jinping publicly announced he would be ready to invade Taiwan by 2027—plans that likely include disrupting our military’s ability to step in.
In addition to an increasingly targeted water sector, energy, communication, transportation, and natural gas are all at risk of being hacked. "We are very privileged in the western world not to have had major cyber effects that impact our day-to-day life," says Mark Bristow, director of MITRE’s Cyber Infrastructure Protection Innovation Center. "But now that’s the goal of the adversary."
MITRE is working with government agencies and operational technology (OT) operators to develop technologies, practices, and approaches to protect critical infrastructure.
A Complicated Landscape
While some critical systems are run by local, state, or the federal government, most are operated by private industry. For example, the U.S. has more than 150,000 independent water utility operators. Small utilities running on thin margins don’t have the resources to dedicate to cybersecurity.
Additionally, their systems, many of which were deployed 20 to 30 years ago, were not designed to be interconnected in the ways they are today, giving adversaries an advantage.
"It's unfair to ask a regional or even a city water utility to defend itself from China," Bristow says. "At the end of the day without help, they're not going to win that fight."
Democratizing Security Testing
Smaller utilities can prepare for attacks by running real-world adversary emulation exercises using MITRE’s Caldera for OT open-source tool.
The first Caldera for OT extensions were developed in partnership between the Homeland Security Systems Engineering and Development Institute™, the federally funded research and development center that MITRE operates for the Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency (CISA).
We’ve taken it a step further at MITRE headquarters in McLean, Va. Our Smart Connected Analytic Learning Exchange Lab features a large-scale model city with a typical municipal environment segmented into hospital, military, residential, nuclear, and transportation areas.
Dubbed "Cyber City," the tabletop is available for government entities and asset operators to test worst-case cyberattack scenarios using Caldera for OT. The tactical demonstrations help users visualize the cascading effects of attacks and the interdependency among systems.
"That's really where the power of this modeling comes in," Bristow explains. "In addition to being an effective communication tool, it also enables us to do integrated research and analytics across multiple different types of technologies."
By bringing together government and industry, MITRE is bolstering the nation’s critical infrastructure. "We all have to work together to solve these big problems," Bristow says.
Contributors: Catherine Trifiletti, Joshua Gottschling, Cooper Bennett, and Mike Mahoney