MITRE has extended its D3FEND™ cybersecurity ontology to operational technology (OT), creating a structured knowledge base for defending cyber-physical systems.
As organizations modernize, OT systems are connected to networks and the cloud. This improves efficiency but also introduces new cyber risks, since many OT components were never built for internet exposure. The D3FEND extension provides a common framework to help the cybersecurity community better understand, secure, and sustain these essential systems.
Funded by the Cyber Warfare Directorate in the U.S. Office of the Under Secretary of War for Acquisition and Sustainment and the National Security Agency, D3FEND is expanding into specific domains, including cyber-physical systems that create real-world effects through programmed actions.
D3FEND for OT delivers a stable, extensible, and integration-friendly framework to support cybersecurity operations and strategic decision-making in OT environments. By extending the D3FEND core ontology, D3FEND for OT enables OT engineers, defensive cyber engineers, cyber threat intelligence analysts, and others to use the D3FEND knowledge model to answer questions such as:
- What are the fundamental artifacts, events, and relationships that comprise an OT security model?
- How do adversary capabilities and constraints abstractly map onto the structure and behaviors of our OT systems?
- What minimal observations and controls are necessary to infer malicious change and ensure safe, intended operation?
The OT workstream in D3FEND adds new artifacts including controllers, sensors, actuators, and OT network components; defines unique countermeasures; and provides mapping and links to other OT resources.