MITRE and CISA Release Open Source Tool to Enhance Security of Operational Technology

A new open-source tool has been launched by MITRE and the US Cybersecurity and Infrastructure Security Agency (CISA) to emulate cyberattacks on operational technology (OT). This joint initiative aims to strengthen the security of critical infrastructure, including water and energy systems, which heavily rely on OT. The tool, known as “MITRE Calder for OT,” is now publicly available as an extension to the open-source Caldera platform on GitHub. Developed in partnership between the Homeland Security Systems Engineering and Development Institute (HSSEDI) and CISA, this tool marks a significant step in safeguarding critical infrastructure against cyber threats.

The MITRE Framework for OT (Operational Technology)

As an extension of the open-source Caldera platform, the MITRE Caldera for OT provides a comprehensive framework for emulating cyber-attacks on OT systems. This collaboration between HSSEDI and CISA offers an innovative solution for enhancing the security of critical infrastructure. By simulating potential cyber threats and emulating attack scenarios, defenders of operational technology can gain valuable insights and improve their defense mechanisms.

Importance of Actionable Tools and Resources

Eric Goldstein, the Executive Assistant Director for Cybersecurity at CISA, emphasizes the critical role of actionable tools and resources in supporting the critical infrastructure community. With the increasing frequency and sophistication of cyber threats targeting OT systems, it is vital to provide defenders with effective tools and resources to stay ahead of adversaries. The MITRE Calder for OT fills this gap by offering a practical and actionable solution to exercise and strengthen the defenses of critical systems.

Collaboration and Development

The MITRE Calder for OT extension builds upon the work of CISA and HSSEDI in automating adversary emulation simulations. The Control Environment Laboratory Resource (CELR) provided by CISA has been instrumental in this development. Leveraging the expertise of MITRE, renowned for creating the widely used ATT&CK framework for mapping threat actors’ techniques, tactics, and procedures (TTPs), the extension offers a comprehensive emulation capability. This collaboration reflects a collective effort to enhance the resilience of critical infrastructure against cyber threats.

Future Plans and Modules

MITRE, in collaboration with CISA and other organizations, is actively working on the next set of Caldera for OT open-source modules. These modules will further enhance the capabilities of the tool and enable defenders to simulate a broader range of attack scenarios. By continuously developing and expanding the resources available, MITRE and CISA strive to provide defenders with the necessary tools to bolster the security of operational technology and critical infrastructure.

Protecting Critical Infrastructure

Yosry Barsoum, Vice President and Director of the Center for Securing the Homeland at MITRE, highlights the significance of protecting the nation’s critical infrastructure. With the introduction of the MITRE Calder for OT, the partnership between MITRE and CISA aims to support defenders in exercising and improving the defense of operational technology systems. This collaborative effort ensures that critical infrastructure remains resilient against cyber threats and provides a robust defense against potential attacks.

Alignment with National Cybersecurity Strategy

The release of MITRE Calder for OT aligns with the US National Cybersecurity Strategy and President Biden’s Executive Order on Improving the Nation’s Cybersecurity. The government’s focus on hardening the security of critical infrastructure underscores the importance of investing in tools and resources that can strengthen defenses against cyber threats. The partnership between MITRE and CISA plays a pivotal role in achieving these strategic objectives and safeguarding the nation’s critical infrastructure.

The release of the MITRE Calder for OT represents a significant milestone in the ongoing battle to protect critical infrastructure from cyber threats. By providing defenders with an open-source tool and actionable resources, MITRE and CISA are empowering organizations to strengthen the security of their OT systems. This collaboration demonstrates a shared commitment to bolstering the defenses of operational technology and enhancing the resilience of critical infrastructure. Moving forward, continued collaboration and development in the field of cybersecurity will be essential to stay ahead of evolving cyber threats and safeguard the nation’s critical infrastructure.

Explore more

Ethereum Eyes $1,800 as Buterin Unveils Lean Roadmap

Digital asset markets often react violently to technical shifts, but the recent strategic pivot outlined by Vitalik Buterin has sparked a more calculated sense of optimism across the global decentralized finance ecosystem. The Ethereum network is currently navigating a pivotal transition phase where the complexity of past upgrades is being replaced by a streamlined vision designed to reduce hardware requirements

Can Your Android Device Run a Full Linux Desktop?

The modern smartphone possesses more raw computational power than the professional workstations that once powered global space exploration, yet its potential remains confined within a mobile interface. Android, while built on the robust Linux kernel, serves as a specialized environment that prioritizes touch interaction and energy efficiency over the versatile multitasking capabilities found in a traditional desktop setup. This inherent

Can Windows 11 Cloud Rebuild Replace Your Recovery USB?

The sudden failure of a primary operating system often triggers an immediate scramble for physical media, yet the necessity for a bootable USB drive is increasingly being challenged by sophisticated network-based solutions. For years, the gold standard for system recovery involved manual intervention with external hardware, which frequently contained outdated builds of Windows that required hours of patching after a

Can UiPath’s AI Strategy Bridge Its Massive Growth Gap?

The enterprise automation landscape has reached a critical juncture where the traditional efficiency gains of robotic process automation are no longer sufficient to satisfy investors who demand hyper-growth fueled by generative artificial intelligence. While UiPath built its empire on the promise of delegating repetitive tasks to software bots, the rapid emergence of agentic AI has forced a fundamental redesign of

Phishing Attacks Move Beyond Email to Collaboration Tools

The corporate inbox, once the primary battleground for cybersecurity, has become a fortress protected by sophisticated filtering and authentication protocols that stop most traditional threats. As these barriers have grown stronger, malicious actors have pivoted toward the softer underbelly of internal communications where employees feel most at ease. This tactical migration into platforms like Microsoft Teams and Slack represents a