OWASP OT Top 10

Operational Technology (OT), which encompasses the hardware and software systems used to monitor and control industrial processes, plays a critical role in sectors such as manufacturing, energy, transportation, and utilities. As these systems become increasingly interconnected and integrated with IT networks, they also become more vulnerable to cyber threats.

The significance of safeguarding OT environments cannot be overstated. These systems are integral to the functionality of critical infrastructure, and any disruption or compromise can have severe consequences, ranging from operational downtime and financial losses to potential safety hazards and national security risks. Despite their importance, OT systems often lack the robust cybersecurity measures commonly found in IT environments, primarily due to the legacy nature of many industrial control systems (ICS) and the historical focus on availability and reliability over security.

Aim & Objective

The goal of the OWASP Operational Technology (OT) Top 10 is to raise awareness about the top security risks and vulnerabilities specific to Operational Technology (OT) environments. By providing actionable recommendations, we aim to improve the security posture of OT systems and protect critical infrastructure from cyber threats.

Target Audience

This document is written for two main target audiences: system developers and system integrators. This mirrors the OT world in which system components are developed and integrated (i.e., configured and setup on-site) by different parties with different capabilities. While developers can pro-actively create secure components, integrators are often limited to implement mitigations.

However, development managers, product owners, Q/A professionals, program managers, and anyone involved in building software can also benefit from this document.

How to Use this Document

This document’s main purpose is to provide a solid foundation of topics to help introduce developers and integrators to the OT world an its very special set of requirements.

Project Leaders (in alphabetical order)

• Andreas Happe
• Simon Rommer

Copyright and License

This document is released under the Creative Commons Attribution-ShareAlike 4.0 International license. For any reuse or distribution, you must make it clear to others the license terms of this work.