There are significant concerns regarding the lack of proficient cybersecurity professionals with a background in both Information Technology (IT) and Operational Technology (OT). In its 2019 State of Cybersecurity survey, ISACA reports that 69% of the participating enterprises (1,576 worldwide organisations) have understaffed cybersecurity teams and 58% have unfilled (open) cybersecurity positions.

To help alleviate this problem, we propose an open, flexible and inexpensive laboratory to train on the cybersecurity problems at the convergence of IT and OT, and help its users to understand, identify, emulate and mitigate common attacks. To assess the security measures of MQTT-oriented implementations and the security properties of TLS-enabled endpoints, we use the following tools as part of the hands-on sessions:

  • MQTT Security Assistant (MQTTSA), a tool that automatically evaluates misconfigurations in MQTT environments and provides a report of potential vulnerabilities and mitigation measures at a different level of details.
  • TLS Assistant, a fully-featured tool that combines state-of-the-art TLS analyzers with a report system that suggests appropriate mitigations and shows the full set of viable attacks.

Both tools are developed by the Security&Trust Research Unit at Fondazione Bruno Kessler.

More information about the laboratory can be found on: L.Nicolodi, U.Morelli, S.Ranise, "An Open and Flexible CyberSecurity Training Laboratory in IT/OT Infrastructures". In proceedings of the 1st Model-driven Simulation and Training Environments for Cybersecurity (MSTEC 2019) .

The theoretical lectures and the hands-on workshops that form the laboratory are available under license Apache-2.0 on GitHub.

To proficiently follow the laboratory lessons and workshops, we require the following:

Italian tutorial available at:

Italian tutorial available at: .

Who we are

Umberto Morelli

Collaborator@Security&Trust - Fondazione Bruno Kessler, Trento, Italy

Silvio Ranise

Head of Security&Trust @ Fondazione Bruno Kessler, Trento, Italy

Lorenzo Nicolodi

IT/OT and Cybersecurity