Skip to content

Introduction

How were the OT Top 10 created

  • meetings every two weeks to gather the top 10 list
  • quantitative discussion to form the top 10

How did we make sure that we covered reality

  • check existing OT incident reports and see if the proposed top 10 fit

structure of each top 10 item

Each entry in the OWASP OT Top 10 will be accompanied by a short description, public incidents exploiting that entry, recommended mitigations and countermeasures, as well as references and tooling to assist in addressing the identified risks.

  • name
  • description
  • known OT attacks that utilized this vulnerability
  • https://www.icsadvisoryproject.com
  • https://icsstrive.com/
  • recommended mitigations and countermeasures
  • there will be multiple levels
    • design and implementation level mitigations for developers/builders
    • operational mitigations for integrators, e.g., air-gapping systems
  • references
  • relevant standards
  • OWASP cheat sheet series if relevant, etc.
  • NIST SP800-82
  • MITRE ATTACK ICS and navigator