There are significant concerns regarding the lack of proficient cybersecurity professionals with a background in both Information Technology (IT) and Operational Technology (OT). In its 2019 State of Cybersecurity survey, ISACA reports that 69% of the participating enterprises (1,576 worldwide organisations) have understaffed cybersecurity teams and 58% have unfilled (open) cybersecurity positions.
To help alleviate this problem, we propose an open, flexible and inexpensive laboratory to train on the cybersecurity problems at the convergence of IT and OT, and help its users to understand, identify, emulate and mitigate common attacks. To assess the security measures of MQTT-oriented implementations and the security properties of TLS-enabled endpoints, we use the following tools as part of the hands-on sessions:
- MQTT Security Assistant (MQTTSA), a tool that automatically evaluates misconfigurations in MQTT environments and provides a report of potential vulnerabilities and mitigation measures at a different level of details.
- TLS Assistant, a fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks.
More information about the laboratory can be found on: L.Nicolodi, U.Morelli, S.Ranise, "An Open and Flexible CyberSecurity Training Laboratory in IT/OT Infrastructures". In proceedings of the 1st Model-driven Simulation and Training Environments for Cybersecurity (MSTEC 2019) .
To proficiently follow the laboratory lessons and workshops, we require the following:
- Knowledge of Python
- Follow the Environment Setup and First Python Program at https://www.tutorialspoint.com/python/python_environment.htm and https://www.tutorialspoint.com/python/python_basic_syntax.htm, respectively.
- Refer to one of the following tutorials: https://learnxinyminutes.com/docs/python/ and https://www.learnpython.org/en/Variables_and_Types.
Italian tutorial available at: https://pythonitalia.github.io/python-abc/
- Basic knowladge of Networking:
- ISO/OSI and TCP/IP network models: https://www.youtube.com/watch?v=LX_b2M3IzN8
- Network Basics for Beginners:
Italian tutorial available at: https://www.youtube.com/watch?v=TKMBSH3TS7I .
- (ENG) https://www.youtube.com/watch?v=YHFzr-akOas&list=PLS1QulWo1RIb9WVQGJ_vh-RQusbZgO_As
- (ITA) https://www.sci.unich.it/~amato/teaching/old/labdati10/lezioni/linux/linux.php