Emulating Adversary Actions in the Operational Environment with Caldera OT 

SANS ICS Security Summit 2023
Emulating Adversary Actions in the Operational Environment with Caldera OT
Speakers: Misha Belisle, Senior Applied Cybersecurity Engineer, MITRE Blaine Jeffries, Operational Technology Security Engineer, MITRE
Utilizing the Caldera Core, Caldera OT is a cybersecurity framework and associated software that is designed to easily run autonomous breach-and-simulation exercises that are specifically targeted against Operational Technology (OT) / Industrial Control Systems (ICS). Caldera OT enables the creation of plug-ins that can be tailored for specific environments or a generalized system of OT devices and protocols. Like Caldera, Caldera OT is built upon the MITRE ATT&CK™ framework. Caldera OT will enable multiple types of engagements including compliance & certifications, detection engineering support (blue team), adversary emulation support (red team), and as a training tool for both blue and red teams (purple team). Using a standardized tool, users will achieve the benefits of reduced operator workload, consistency in OT, and the ability to develop and capture standard testing metrics. Attendees can expect an overview of the Caldera OT software including plug-in structure, operating requirements, and a deployment tutorial. This will be followed by a demonstration of Caldera OT in a simulated OT system. Actionable takeaways will include an understanding of the extensive capabilities of Caldera OT as well as potential use cases in the individual attendee’s environment.
View upcoming Summits: www.sans.org/u/DuS