Skip to content

mitre/iec61850

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
app
app
 
 
data
data
 
 
docs
docs
 
 
gui/views
gui/views
 
 
payloads
payloads
 
 
templates
templates
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
NOTICE.md
NOTICE.md
 
 
README.md
README.md
 
 
hook.py
hook.py
 
 

Repository files navigation

MITRE Caldera™ for OT plugin: IEC 61850

A MITRE Caldera™ for OT plugin supplying Caldera with IEC 61850 standard series TTPs mapped to MITRE ATT&CK® for ICS v14. This is part of a series of plugins that provide added threat emulation capability for Operational Technology (OT) environments.

Currently this plugin provides coverage for IEC 61850 services that use Manufacturing Message Specification (MMS) protocol messages. These are unicast-type messages used to exchange analog or digital state information about the controlled process. The other message types defined by the IEC 61850 series, including Generic Object Oriented System Event (GOOSE) and Sampled Value (SV) messages, are not supported in this release.

Full IEC 61850 plugin documentation can be viewed as part of fieldmanual, once the Caldera server is running.

Installation

To run Caldera along with the IEC 61850 plugin:

  1. Download Caldera as detailed in the Installation Guide
  2. Copy this repository into Caldera's plugin directory: caldera/plugins. You can do this in (at least) two ways:
    1. Download the source code from the Releases section of this repository and extract the archive file into the caldera/plugins directory.
    2. Use the command line to clone the repository. Navigate to the caldera/plugins directory and enter the following command:
git clone https://github.com/mitre/iec61850.git
  1. Download the required compiled payload(s) from the Releases section of the iec61850-payloads repository. The downloadable payloads are available under the Assets header of the latest release.
  2. Save the downloaded payload file(s) in the caldera/plugins/iec61850/payloads directory of your Caldera installation.
  3. Enable the iec61850 plugin. To do this, add - iec61850 to the list of enabled plugins in either conf/local.yml or conf/default.yml (if running Caldera in insecure mode)

Version

This plugin has been tested with Caldera v4.2.0 and v5.0.0. The latest version of Caldera can be cloned using the following method:

git clone https://github.com/mitre/caldera.git --recursive

Plugin Payload Source Code

For additional information on the IEC 61850 plugin payload source code, please see the iec61850-payloads repository.

Usage

  1. Install and enable the plugin as described above.
  2. Optionally, create a fact source to store attributes of the target system. An example is provided here.
  3. Start the Caldera server
  4. Create a new Operation, optionally using the fact source from step 2.
  5. Use "Add Potential Link" to run a specific ability from this plugin. Fact values can can be entered manually, or selected from a fact source.

About

Caldera for OT Plugin

Topics

mitre iec61850 adversary-emulation caldera operational-technology

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

8 watching

Forks

0 forks
Report repository

Releases 2

v1.0.1 Latest
May 10, 2024
+ 1 release

Contributors 2

  •  
  •  

Languages