OWASP OT Top10 Vulnerabilities Demonstrator Project

The purpose of this project is to create a virtualised Operational Technology environment utilising docker/VM components to simulate the OT environment itself (Modbus/SCADA communications) in terms of sensors and active control comoenets and the interfaces to the HMI so that various lab activities can be carried out to show the impact of exploiting OT Top10 vulnerabilities.

Essentially to show what happens when the HMI turns RED!

Road Map

Discussion with other OWASP projects and community on the most appropriate OT environments to simulate attacks on.

Look at the feasibility of simulating OT components as docker/VM discrete components within a sample case study environment industry or critical infrastructure based

Simulate a sample ModBus/SCADA component with associated controller

Simulate a sample HMI environment

Start with one of the Top10 attacks as a proof of concept and how a typical vulnerability can be exploited and demonstrate via a sample lab exercise how the lights turn Red!