MITRE Extends D3FEND Ontology to Operational Technology Cybersecurity

McLean, Va. and Bedford, Mass. – December 16, 2025 – MITRE extended its D3FEND™ cybersecurity ontology to operational technology (OT), creating a structured knowledge base for defending cyber-physical systems. OT includes the controllers, sensors, and actuators that manage physical processes in critical infrastructure, industrial environments, and the defense systems that support service members in their missions. Unlike information technology, which handles data and communications, OT directly affects how machines and systems operate.

As organizations modernize, OT systems are connected to networks and the cloud. This improves efficiency but also introduces new cyber risks, since many OT components were never built for internet exposure. The D3FEND extension provides a common framework to help the cybersecurity community better understand, secure, and sustain these essential systems.

Funded by the Cyber Warfare Directorate in the U.S. Office of the Under Secretary of War for Acquisition and Sustainment and the National Security Agency, D3FEND is expanding into specific domains, including cyber-physical systems that create real-world effects through programmed actions. D3FEND for OT delivers a stable, extensible, and integration-friendly framework to support cybersecurity operations and strategic decision making in OT environments.

By extending the D3FEND core ontology, D3FEND for OT enables OT engineers, defensive cyber engineers, cyber threat intelligence analysts, and others to use the D3FEND knowledge model to answer questions like:

• What are the fundamental artifacts, events, and relationships that comprise an OT security model?
• How do adversary capabilities and constraints abstractly map onto the structure and behaviors of our OT systems?
• What minimal observations and controls are necessary to infer malicious change and ensure safe, intended operation?

The OT workstream in D3FEND adds new artifacts including controllers, sensors, actuators, and OT network components; defines unique countermeasures; and provides mapping and links to other OT resources.

"Through D3FEND, we are advancing the cybersecurity frontier alongside the global community," said Wen Masters, vice president, cyber technologies, MITRE. "As a not-for-profit organization dedicated to national security, we are strategically positioned to tackle complex, high-stakes challenges. The launch of D3FEND for OT demonstrates our unwavering commitment to delivering unbiased, open-sourced tools that are mission-critical."

MITRE is committed to continuous collaboration with the cybersecurity ecosystem to evolve and scale the framework, ensuring it addresses the demands of an increasingly complex threat landscape. MITRE invites cyber engineers and other industry professionals to explore D3FEND, as participation in the community is integral to the success and utility of the ontology. With D3FEND and through strategic public-private alliances and its federally funded R&D centers, MITRE helps government and industry to address critical threats to national safety and stability.

About MITRE

MITRE’s mission-driven teams are dedicated to driving solutions to our nation’s most pressing challenges. As a not-for-profit research and development organization, MITRE’s staff leverage our unique multi-sponsor vantage point, systems expertise, and innovative solutions to ensure the health, prosperity, and security of our nation.

Media Contact: Sarah Lytle, media@mitre.org