MITRE contributed its Caldera adversary emulation platform to the Apache Software Foundation (ASF) on May 20, 2026, placing a widely used cybersecurity testing tool under vendor-neutral, community-driven governance with direct implications for industrial control system (ICS) and operational technology (OT) security programs.

Background

Caldera is an open-source cybersecurity platform for automated adversary emulation, built on the MITRE ATT&CK framework and used for red teaming, purple teaming, security validation, and cyber research. MITRE developed the platform with support from the National Science Foundation over nearly a decade. Its relevance to industrial environments grew significantly when MITRE and the Department of Homeland Security's Homeland Security Systems Engineering and Development Institute (HSSEDI) partnered with the Cybersecurity and Infrastructure Security Agency (CISA) to create Caldera for OT - an extension targeting threats specific to operational technology networks. Caldera for OT exposes native OT protocol functionality as plugins covering BACnet, DNP3, Modbus, IEC 61850-MMS, and Profinet/DCP protocols, with all abilities mapped to the ATT&CK for ICS matrix.

The platform's architecture provides security teams a modular, automation-friendly means of running structured adversary simulations against converged IT/OT environments - a capability that has gained urgency as previously air-gapped industrial control systems become increasingly connected to enterprise networks and the internet.

Details

MITRE has now contributed Caldera to the Apache Incubator as Apache Caldera (Incubating), with the open-source core moving to ASF infrastructure and operating under the ASF's transparent, merit-based governance model. Public repositories, documentation, and release processes will transition to ASF-hosted resources, with existing MITRE-hosted resources redirecting to the new locations.

According to MITRE, the transition aims to expand collaboration across global cybersecurity and open-source communities, increase platform adoption, and support long-term sustainability through vendor-neutral governance. MITRE remains actively involved through ongoing technical leadership, long-term stewardship, and governance contributions. Caldera's mission of advancing open, ATT&CK-aligned adversary emulation remains unchanged, and MITRE's sponsor-focused capabilities, sensitive research efforts, advanced integrations, and plugin development will continue to be maintained within protected MITRE-managed environments.

"ASF governance enables Caldera to continue growing as a global cybersecurity resource while MITRE remains actively involved in its development and direction," said Mark Perry, Caldera lead and principal cybersecurity engineer at MITRE.

For manufacturing and critical infrastructure operators, the governance shift carries practical implications. Under the Apache License, Version 2.0, standardized licensing terms reduce procurement and legal friction for enterprises seeking to integrate Caldera-based assessments into formal compliance workflows aligned with frameworks such as ISA/IEC 62443 or NERC CIP. The Profinet plugin for Caldera for OT was developed under CISA's Control Environment Laboratory Resource (CELR) project, and the OT plugin set - including support for IEC 61850 - has seen active protocol coverage expansion in recent release cycles, signaling continued investment in industrial use cases.

The ASF model also introduces contribution governance norms familiar to enterprise IT teams but less established in OT security tooling. Apache Caldera (Incubating) introduces a new governance and collaboration model for the open-source core platform while preserving MITRE's active involvement and Caldera's mission. Organizations deploying the platform across converged IT/OT environments will need to evaluate dependency management practices and the boundary between the open-source core and MITRE-maintained closed-source capabilities. MITRE maintains a closed-source version of Caldera with additional capabilities, including greater scalability to more endpoints.

Outlook

The Apache Incubator phase requires projects to demonstrate community health and process compliance before graduating to a top-level Apache project - a process that typically spans one to two years and will determine the pace at which governance matures around Caldera's OT-specific capabilities. For plant managers, OT architects, and industrial CISOs evaluating adversary emulation programs, the transition offers an opportunity to engage with standardized tooling before procurement decisions are finalized. Organizations already piloting Caldera-based red-team exercises in ICS environments should monitor the ASF incubation roadmap to assess how plugin governance, versioning, and contribution norms evolve across both IT and OT workstreams.