There are significant concerns regarding the lack of proficient cybersecurity professionals with a background in both Information Technology (IT) and Operational Technology (OT). In its 2019 State of Cybersecurity survey, ISACA reports that 69% of the participating enterprises (1,576 worldwide organisations) have understaffed cybersecurity teams and 58% have unfilled (open) cybersecurity positions.

To help alleviate this problem, we propose an open, flexible and inexpensive laboratory for training on the cybersecurity problems at the convergence of IT and OT, which helps its users understand, identify, emulate and mitigate common attacks. To assess the security measures of MQTT-oriented implementations and the security properties of TLS-enabled endpoints, we use the following tools as part of the hands-on sessions:

  • MQTT Security Assistant (MQTTSA), a tool that automatically evaluates misconfigurations in MQTT environments and provides a report of potential vulnerabilities and mitigation measures at different levels of detail.
  • TLS Assistant, a fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks.

Both tools are developed by the Security&Trust Research Unit at Fondazione Bruno Kessler.

More information about the laboratory can be found in: L. Nicolodi, U. Morelli, S. Ranise, "An Open and Flexible CyberSecurity Training Laboratory in IT/OT Infrastructures". In Proceedings of the 1st Model-driven Simulation and Training Environments for Cybersecurity (MSTEC 2019).

The theoretical lectures and the hands-on workshops that form the laboratory are available under the Apache-2.0 license on GitHub.

To proficiently follow the laboratory lessons and workshops, we require the following:

Italian tutorial available at: https://pythonitalia.github.io/python-abc/

Italian tutorial available at: https://www.youtube.com/watch?v=TKMBSH3TS7I

Who we are

Umberto Morelli

Collaborator @ Security&Trust - Fondazione Bruno Kessler, Trento, Italy, umorelli@fbk.eu

Silvio Ranise

Head of Security&Trust @ Fondazione Bruno Kessler, Trento, Italy, ranise@fbk.eu

Lorenzo Nicolodi

IT/OT and Cybersecurity expert @ Microlab.red, lo@microlab.red