"MITRE Debuts Cyber Risk Analysis & Adversarial Emulation Tools to Secure Critical Infrastructure"
Critical infrastructure is riddled with cyber vulnerabilities, but the issue is which vulnerabilities must be mitigated first. MITRE is debuting its Infrastructure Susceptibility Analysis (ISA) that identifies and prioritizes mitigations by exploring how adversaries compromise infrastructure and what is required to stop them. MITRE is also releasing the MITRE Caldera for OT tool, which enables security teams to conduct automated adversary emulation exercises specifically aimed at Operational Technology (OT). Many organizations need help assessing risk and prioritizing their OT system cybersecurity efforts. The coverage provided by a traditional IT strategy without an OT-specific solution is insufficient. Based on the OT system's vulnerability to adversaries and its current architecture, MITRE's ISA methodology prioritizes risks accordingly. Using risk-based context, ISA expands on current threat intelligence approaches to help organizations reduce risk in operational environments. MITRE developed the ISA methodology using several existing MITRE capabilities and research areas, such as MITRE ATT&CK for ICS, CAPEC, and Threat-Informed Failure Scenario Development, to create a new model that enables asset owners to assess the most likely adversary kill chains. The outcome is a multi-step, evolving process that helps organizations understand the potential technical effects of cyberattacks. These technology-specific insights are combined with threat information to produce actionable intelligence for OT systems. This article continues to discuss MITRE's new cyber risk analysis and adversarial emulation tools aimed at bolstering the security of critical infrastructure.