Federal News Network: A new way for organizations to test cyber attacks against themselves

MITRE and the Cybersecurity and Infrastructure Security Agency (CISA) released the open-source extension of the MITRE Caldera™ platform, built specifically for operational technology (OT). With it, security teams can run automated adversary-emulation exercises focused on threats to OT. On Federal News Network, Federal Drive with Tom Temin spoke with Alex Reniers, chief, industrial controls systems, CISA, and John Wunder, department manager of cyber threat intelligence and adversary emulation, MITRE, on what MITRE Caldera for OT means for defenders of critical infrastructure.

Reniers said, “Whether it be a nation state actor or a cybercriminal actor doing ransomware, the impetus is on the defenders to really step up their game. But I think that’s where CISA and our partnership with federally funded R&D centers is really what we’re trying to do and help out the defenders as much as possible.”

To help defenders learn from adversary behavior, Wunder explains, “we really stay oriented on the adversary. We look at reporting called cyber threat intelligence about what adversaries are doing. That includes both on the enterprise side on how are they talking IT systems and networks, and on the OT side, there’s thankfully fewer attacks to OT that we see reported publicly. But we can kind of look at what those attacks look like. And then we emulate their attacks. And we do a little bit of pivoting from that and say, if adversaries are typically doing this, they’re probably or likely to also do that. And then therefore, we can emulate that as well.”

“The added benefit of keeping it as an open source project is you have other people partnering on it with you and their exchange of information. MITRE has been wonderful as far as engaging those folks and getting their approaches. Having an open source gives us that advantage of people contributing to expand the project,” added Reniers.
