NSA Releases Analytics, Signature Repository for Critical Infrastructure OT Protection

The National Security Agency has released a new cyber signature and analytics repository to help cyber officials fend off malicious activities in operational technologies.

The ELITEWOLF capability is a set of operational technology intrusion detection signatures and analytics that allows officials to continuously monitor their systems. According to ELITEWOLF’s GitHub page, the signatures and analytics included in the list need follow-on analysis to determine if they are malicious.

The signature and analytics repository can be used for critical infrastructure, defense industrial base and national security systems OT environment protection, NSA said Thursday.

ELITEWOLF is one of several offerings available to help defenders identify and mitigate OT threats.

In September, Mitre released an extension for its Caldera platform that enables automated exercises replicating OT threats. Caldera is an adversary emulation platform that automates operations, security assessments and teaming for cybersecurity personnel.

The OT security offerings were released around a year after the NSA and the Cybersecurity and Infrastructure Security Agency issued a joint advisory about OT and industrial control systems protection. The joint advisory discussed malicious actors’ strategies and offered cybersecurity recommendations.