A collection of plugins that extend MITRE Caldera™ to the Operational Technology (OT) environment.
It is built on the MITRE ATT&CK® for ICS framework.
This repository contains all the Caldera for OT plugins as git submodules. As described in each individual plugin README, it is also possible to git clone a specific protocol plugin directly into the Caldera plugins directory, following the "Installation" guidance.
To install all the Caldera for OT plugins, use the recursive flag while cloning this repository:
git clone https://github.com/mitre/caldera-ot.git --recursive
Note that after performing the git clone, you will still need to:
- Ensure the plugin(s) of interest are moved into the caldera/plugins directory of your Caldera instance
- Enable the plugin(s) by adding their names to the conf/local.yml or conf/default.yml (if running Caldera in insecure mode)
For example,
- bacnet
- dnp3
- modbus
- profinet
- iec61850
The OT plugins can also be set up individually:
Using the IEC 61850 plugin requires the additional step of installing the plugin's payloads by following these steps:
- Download the appropriate compiled payload from the Releases section of the iec61850-payloads repository.
- Save the downloaded payload file(s) in the caldera/plugins/iec61850/payloads directory of your Caldera installation.
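A way to confirm the post-clone steps above were completed, as an added example that is not part of the Caldera for OT project. The function names `enabled_plugins` and `check_ot_install` are hypothetical, and the script assumes the conf file lists enabled plugins as "- name" items under a top-level "plugins:" key.

```shell
#!/bin/sh
# Added example: verifies the post-clone steps listed in this README.
# Assumption: enabled plugins are "- name" items under a top-level "plugins:" key.
OT_PLUGINS="bacnet dnp3 modbus profinet iec61850"

# Print the plugin names listed under "plugins:" in a conf file.
enabled_plugins() {
    awk '
        /^plugins:[ \t]*$/ { in_list = 1; next }
        in_list && /^[ \t]*-[ \t]*/ {
            sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; next
        }
        in_list && /^[^ \t#]/ { in_list = 0 }   # next top-level key ends the list
    ' "$1"
}

# check_ot_install CALDERA_DIR CONF_FILE
# Prints one line per problem; returns 0 only when nothing is missing.
check_ot_install() {
    caldera_dir=$1; conf_file=$2; problems=0
    [ -f "$conf_file" ] || { echo "missing conf file: $conf_file"; return 2; }
    enabled=$(enabled_plugins "$conf_file")
    for p in $OT_PLUGINS; do
        # Step 1: the plugin must sit in caldera/plugins.
        if [ ! -d "$caldera_dir/plugins/$p" ]; then
            echo "$p: not found in $caldera_dir/plugins"
            problems=$((problems + 1))
        fi
        # Step 2: the plugin name must be listed in the conf file.
        if ! printf '%s\n' "$enabled" | grep -Fqx "$p"; then
            echo "$p: not enabled in $conf_file"
            problems=$((problems + 1))
        fi
    done
    # IEC 61850 only: flag a missing or empty payloads directory.
    payloads="$caldera_dir/plugins/iec61850/payloads"
    if [ -d "$caldera_dir/plugins/iec61850" ] && [ -z "$(ls -A "$payloads" 2>/dev/null)" ]; then
        echo "iec61850: no payload files in $payloads"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Call it as `check_ot_install /path/to/caldera /path/to/caldera/conf/local.yml`; a non-zero exit status means at least one step is incomplete.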
The Caldera for OT plugins unify and expose open-source OT protocol libraries in the form of protocol-specific plugins:
- bacnet - for the Building Automation and Control Networks (BACnet) protocol
- dnp3 - for the Distributed Network Protocol 3 (DNP3)
- modbus - for the Modbus protocol
- profinet - for the Profinet protocol - Basic Discovery and Configuration Protocol (DCP) only
- iec61850 - for the IEC 61850 series of communication protocols - Manufacturing Message Specification (MMS) only
Each plugin contains the following documentation:
- High-level README.md
- Source code specific README.md (located under /src)
- Caldera Field Manual documentation (located under /docs)
The Caldera for OT plugins enable adversary emulation in the OT environment, which supports traditional Caldera use cases, for example training and testing of operators and defenses.
Also see our presentation on Emulating Adversary Actions in the Operational Environment with Caldera (TM) for OT.
Please reach out to [email protected] with comments, questions, and to discuss collaboration opportunities.
The Caldera for OT team can also be reached on the official Caldera Slack.