Skip to content

OWASP OT Top 10

Operational Technology (aka: “OT”) refers to a broad range of programmable systems and devices that directly or indirectly interact with the physical environment. OT plays an active role across all sectors including manufacturing, energy, transportation, medical, and utilities. As OT becomes increasingly interconnected and integrated with IT networks, they become more vulnerable to large-scale cyber attacks. OT also increases the probability of catastrophic outcomes due to their control of the physical environment as opposed to data impacts in an IT environment.

The significance of safeguarding OT environments cannot be overstated. These systems are integral to the functionality of critical infrastructure, and any disruption or compromise can have severe consequences, ranging from operational downtime and financial losses to potential safety hazards and national security risks. Despite their importance, OT systems often lack the robust cybersecurity measures commonly found in IT environments, primarily due to the legacy nature of many industrial control systems (ICS) and the historical focus on availability and reliability over security.

Aim & Objective

The goal of the OWASP Operational Technology (OT) Top 10 is to raise awareness about the top security risks and vulnerabilities specific to Operational Technology (OT) environments. By providing actionable recommendations, we aim to improve the security posture of OT systems and protect critical infrastructure from cyber threats.

Target Audience

This document is written for two main target audiences: system developers, operators, and integrators. This mirrors the OT world in which system components are developed and integrated (i.e., configured and setup on-site) by different parties with different capabilities. While developers can pro-actively create secure components, integrators are often limited to implement mitigations.

However, development managers, product owners, Q/A professionals, program managers, and anyone involved in building software can also benefit from this document.

How to Use this Document

This document’s main purpose is to provide a solid foundation of topics to help introduce developers and integrators to the OT world an its very special set of requirements.

Project Leaders (in alphabetical order)

This document is released under the Creative Commons Attribution-ShareAlike 4.0 International license. For any reuse or distribution, you must make it clear to others the license terms of this work.