The Top 10

Methodology

How were the OT Top 10 created?

  • meetings every two weeks to gather the top 10 list
  • quantitative discussion to form the top 10

How did we make sure that we covered reality?

  • check existing OT incident reports and see if the proposed top 10 fit

Structure of each Top 10 Item (also see template)

Each entry in the OWASP OT Top 10 will be accompanied by a short description, public incidents exploiting that entry, recommended mitigations and countermeasures, as well as references and tooling to assist in addressing the identified risks.

| Field | Description |
| --- | --- |
| Name | Name/Title of the Item |
| Description | Short description of the item |
| Known OT Attacks utilizing this Item | https://www.icsadvisoryproject.com, https://icsstrive.com/ |
| Mitigation/Countermeasures | There will be multiple levels: 1) design and implementation level mitigations for developers/builders; 2) operational mitigations for integrators, e.g., air-gapping systems |
| References | Relevant standards |
| Tooling | Links to tools that can be used to test for the vulnerability |