Awesome
MITRE Caldera™ for OT plugin: IEC 61850
A MITRE Caldera™ for OT plugin supplying Caldera with IEC 61850 standard series TTPs mapped to MITRE ATT&CK® for ICS v14. This is part of a series of plugins that provide added threat emulation capability for Operational Technology (OT) environments.
Currently this plugin provides coverage for IEC 61850 services that use Manufacturing Message Specification (MMS) protocol messages. These are unicast-type messages used to exchange analog or digital state information about the controlled process. The other message types defined by the IEC 61850 series, including Generic Object Oriented System Event (GOOSE) and Sampled Value (SV) messages, are not supported in this release.
Full IEC 61850 plugin documentation can be viewed as part of fieldmanual, once the Caldera server is running.
Installation
To run Caldera along with the IEC 61850 plugin:
- Download Caldera as detailed in the Installation Guide
- Copy this repository into Caldera's plugin directory:
caldera/plugins
. You can do this in (at least) two ways:- Download the source code from the Releases section of this repository and extract the archive file into the
caldera/plugins
directory. - Use the command line to clone the repository. Navigate to the
caldera/plugins
directory and enter the following command:
- Download the source code from the Releases section of this repository and extract the archive file into the
git clone https://github.com/mitre/iec61850.git
- Download the required compiled payload(s) from the Releases section of the
iec61850-payloads
repository. The downloadable payloads are available under the Assets header of the latest release. - Save the downloaded payload file(s) in the
caldera/plugins/iec61850/payloads
directory of your Caldera installation. - Enable the iec61850 plugin. To do this, add
- iec61850
to the list of enabled plugins in eitherconf/local.yml
orconf/default.yml
(if running Caldera in insecure mode)
Version
This plugin has been tested with Caldera v4.2.0 and v5.0.0. The latest version of Caldera can be cloned using the following method:
git clone https://github.com/mitre/caldera.git --recursive
Plugin Payload Source Code
For additional information on the IEC 61850 plugin payload source code, please see the iec61850-payloads
repository.
Usage
- Install and enable the plugin as described above.
- Optionally, create a fact source to store attributes of the target system. An example is provided here.
- Start the Caldera server
- Create a new Operation, optionally using the fact source from step 2.
- Use "Add Potential Link" to run a specific ability from this plugin. Fact values can can be entered manually, or selected from a fact source.