
Podcast: Episode #37 - Nick Tsamis: Leveraging MITRE’s Adversary Emulation Platform in OT

October 19, 2023

Nick currently serves as Department Chief Engineer within the Cybersecurity Infrastructure Protection Innovation Center (CIPIC) at The MITRE Corporation where he works to develop strategies for protection against emerging threats on critical infrastructure. Nick led the technical efforts for the first release of Caldera for OT. He holds degrees in computer science and aerospace engineering, and resides in Honolulu, HI.

In September, MITRE and CISA announced that MITRE Caldera™ for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT).

Our nation’s critical infrastructure—including public transportation, commerce, clean water, and electricity—relies on operational technology, but that technology often has weak spots in its security. Caldera for OT gives security teams new tools to help ensure the safe and secure function of critical infrastructure, thus improving our nation’s resiliency posture.

Caldera for OT is now available on GitHub. As an open-source platform, Caldera for OT will continue expanding to new environments, protocols, and attacks. MITRE partnered with CISA through the HSSEDI (Homeland Security Systems Engineering and Development Institute) to develop the first set of modules, and continues to work internally, with CISA, and with other organizations to develop and release the next set of Caldera for OT open-source modules.

In this episode, Aaron and Nick Tsamis discuss:

  • Creating a common vernacular and building risk-appropriate solutions
  • Standardizing cybersecurity practices in OT environments
  • Enhancing OT security through customized Red Team assessments and protocol familiarization
  • Navigating the intersection of human expertise and machine learning in cybersecurity

Key Takeaways:

  • In bridging the worlds of IT and OT cybersecurity, the key is establishing a common language, understanding the crucial emphasis on availability and safety, and developing tools like Caldera to operate within OT protocols, ultimately shifting towards a balanced risk appetite in the industrial control sector.
  • The adoption of Caldera for OT marks a transformative shift in cybersecurity testing, enabling standardized, real-world simulations in operational environments, bridging the IT-OT gap, fostering collaborative language, and empowering organizations to take calculated, transparent steps toward robust cyber defense strategies.
  • Effective communication, trust-building, and tailored red teaming activities in OT environments empower teams to ask critical questions, understand protocols deeply, and conduct standardized tests, enhancing detection and asset identification, reducing barriers, and strengthening internal security.
  • In the evolving landscape of OT and cybersecurity, we must harness the power of machine learning to assist human operators while maintaining vigilance in verifying the trustworthiness of data to avoid misinformed actions.

"Misinformation is a real thing, and if we're not trusting the information that's being provided at real time, the actions that I'm taking from a cybersecurity perspective may potentially do more harm than good." — Nick Tsamis

Connect with Nick Tsamis:

MITRE Blog: https://medium.com/@mitrecaldera

MITRE Email: OT@mitre.org

Website: https://www.mitre.org/

Email: slytle@mitre.org

LinkedIn: https://www.linkedin.com/in/nicktsamis/

Connect with Aaron:

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:

Website: https://www.industrialdefender.com/podcast

LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/

Twitter: https://twitter.com/iDefend_ICS

YouTube: https://www.youtube.com/@industrialdefender7120