Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/mitre/caldera-ot

MITRE Caldera™ for OT Plugins & Capabilities
https://github.com/mitre/caldera-ot

adversary-emulation bacnet caldera cybersecurity dnp3 mitre mitre-attack mitre-corporation modbus operational-technology ot profinet

Last synced: 13 days ago
JSON representation

MITRE Caldera™ for OT Plugins & Capabilities

Awesome Lists containing this project

README 

          
# MITRE Caldera™ for OT Plugins



A collection of plugins that extend [MITRE Caldera™](https://github.com/mitre/caldera) to the Operational Technology (OT) environment.



It is built on the [MITRE ATT&CK® for ICS framework](https://attack.mitre.org/matrices/ics/).



This repository contains all the Caldera for OT plugins as git submodules. As described in each individual plugin README, it is also possible to `git clone` a specific protocol plugin directly into the Caldera `plugins` directory, following the "Installation" guidance.



## Install Caldera for OT Plugins



To install all the Caldera for OT plugins, use the recursive flag while cloning this repository:



```

git clone https://github.com/mitre/caldera-ot.git --recursive

```



Note, that after performing the `git clone`, you will still need to:



1. Ensure the plugin(s) of interest are moved into the `caldera/plugins` directory of your caldera instance

2. Enable the plugin(s) by adding their names to the `conf/local.yml` or `conf/default.yml` (if running Caldera in insecure mode)



For example,

```

- bacnet

- dnp3

- modbus

- profinet

- iec61850

- gems

```



The OT plugins can also be setup individually:

* [bacnet](https://github.com/mitre/bacnet#readme)

* [dnp3](https://github.com/mitre/dnp3#readme)

* [modbus](https://github.com/mitre/modbus#readme)

* [profinet](https://github.com/mitre/profinet#readme)

* [iec61850](https://github.com/mitre/iec61850#readme)

* [gems](https://github.com/mitre/gems#readme)



### Installing the IEC 61850 Payloads



Using the IEC 61850 plugin requires the additional step of installing the plugin's payloads by following these steps:

1. Download the appropriate compiled payload from the **Releases** section of the [iec61850-payloads](https://github.com/mitre/iec61850-payloads/releases) repository.

2. Save the downloaded payload file(s) in the `caldera/plugins/iec61850/payloads` directory of your Caldera installation.



## What are the Caldera for OT plugins?



The Caldera for OT plugins unify and expose open-source OT protocol libraries in the form of protocol specific plugins:

* `bacnet` - Building Automation and Control Networks protocol

* `dnp3` - Distributed Network Protocol 3 protocol

* `modbus` - Modbus protocol

* `profinet` - Profinet protocol _(Basic Discovery and Configuration Protocol (DCP) only)_

* `iec61850` - IEC 61850 series of communication protocols _(Manufacturing Message Specification (MMS) only)_

* `gems` - Ground Equipment Management Service protocol



Each plugin contains the following documentation:

* High-level README.md

* Source code specific README.md (located under `/src`)

* Caldera `fieldmanual` documentation (located under `/docs`)



### What is the motivation for the plugins?



The Caldera for OT plugins enable adversary emulation in the OT environment, which supports traditional Caldera [use cases](https://caldera.mitre.org/). For example, training and testing of operators and defenses.



Also see our presentation on [Emulating Adversary Actions in the Operational Environment with Caldera (TM) for OT](https://speakerdeck.com/bjeffries/emulating-adversary-actions-in-the-operational-environment-with-caldera-for-ot).



## Contact



Please reach out to OT@mitre.org with comments, questions, and to discuss collaboration opportunities.



The Caldera for OT team can also be reached on the official [Caldera Discord](https://discord.gg/6bZ2srcqya).