MITRE Launches a New Innovation Center to Protect Critical Infrastructure

In July 2018, then Director of National Intelligence Dan Coats said “the lights are ‘blinking red’” when it comes to Russian cyberattacks against U.S. critical infrastructure. He was drawing a parallel to a statement from then CIA director George Tenet, who had described a similar state of affairs in the months before September 2001.

An increasing number of nation states and criminal groups are targeting industry and Government operators of critical systems across the energy, transportation, manufacturing, defense, health, and other sectors. Short of war, threatening another nation’s critical infrastructure is a powerful way for adversaries to project power or create strategic deterrence. Now, the lights are again blinking red about the cyber threat to critical infrastructure and potential impact in the physical world.

Adversary goals may be financial (e.g., ransomware), political messaging, or an alternative to kinetic military action. In July 2021, the Cybersecurity & Infrastructure Agency updated an alert to formally attribute a massive gas pipeline intrusion campaign against the U.S. to China. Non-nation state criminal groups are also targeting critical infrastructure, as seen with the May 2021 Colonial Pipeline ransomware incident, attributed to the DarkSide ransomware gang.

As a global leader in cybersecurity, we at MITRE feel an imperative to help secure our nation’s infrastructure. So today, I’m announcing the launch of MITRE’s Cyber Infrastructure Protection Innovation Center, as part of MITRE Labs. The new center provides a focal point within MITRE for capabilities and solutions for securing the operational technology (OT) domain. We’re starting with more than 50 of MITRE’s top experts in cyber-physical system security, and building a team drawn from across MITRE and the entire cybersecurity community.

Last year, we launched MITRE ATT&CK for Industrial Control Systems. Critical infrastructure systems contain a mix of information and operational technologies. Cyber threats in these environments differ in some key ways from those facing enterprise information technology systems. Since attackers have not historically targeted OT systems, industry has been slow to understand and characterize the threat or to put cybersecurity controls in place for OT. MITRE ATT&CK’s extension into this domain gives everyone a common language for sharing information on the threat and will help the entire community develop a more informed view of real threat behaviors.

We’re also helping cybersecurity product developers bring better defenses to the community. Three months ago, we did our first product evaluation focused on operational technology threats. These evaluations are based on emulation of real-world threats, are impartial, and are sharable across the community. The TRITON ICS Evaluations were the first to systematically test security products against a specific type of threat – in this case the malware used against a major petrochemical facility in Saudi Arabia in 2017.

In addition, we’re helping several government and industry partners assess their vulnerability, develop and test resilience approaches, and prototype defensive technologies. We also have an active research program that is prototyping advanced concepts in detection, response, and recovery. Cyber technologies developed for enterprise IT systems are sometimes challenging and expensive to adapt to OT and mixed IT/OT environments due to the diversity in hardware, real-time constraints, and other unique safety constraints. Our experts are helping the cybersecurity industry create effective approaches to secure IT/OT environments.

There is a long way to go, which is why we’re establishing the new center. While assigning 50 cyber experts is a significant commitment, it’s just a starting point. We intend to grow considerably to scale our organization to meet the needs of government and industry. After all, critical infrastructure is primarily in the hands of the private sector. We need to partner effectively across government and industry, balancing the needs of sector-specific agencies and safety, regulatory, and national security concerns with the operational needs of infrastructure owners and operators.

Personally, I’m excited to see new energy from the White House on this topic, which recognizes “The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation.” What’s more, the administration is reaching out with new cross-agency collaborations with the private sector.

MITRE will continue to lead the industry forward with expertise and insights combining our unique blend of mission, technology, and operational expertise.

Samuel Visner

Tech Fellow at Aerospace Corporation; Chair, Board of Directors, Space ISAC; Board Member, ORAU

3 years

A superb initiative.

Hemang Patel Certified CMMC Assessor, CISSP, CISM

Lead Network Compliance Engineer at The MITRE Corporation

3 years

Great work

Graham Plaster

Director, Nautilus | Growing the National Security Technology Ecosystem | Bestselling Author

3 years

D.C. Danno Kay

Vice President / Principal Investigator of funded research project /Cyber Security / Signals Analyst / Innovator / Data Security Expertise / ISR & EW Expertise

3 years

Great initiative Charles Clancy! Thank you for this article. - Danno
