The RATING-OT tool is a risk assessment tool whose aim is to help organizations assess individual and collective evidence-based risk profiles.
The RATING-OT tool can help organizations identify the major cybersecurity risks to their business and to their main tangible and intangible assets, and support decisions on cybersecurity investments in hard and soft mitigation solutions. As the security measures adopted by organizations have evolved, attackers have also improved their attack strategies, using more complex and sophisticated techniques. A modern attack does not strictly follow the phases of the Lockheed Martin Cyber Kill Chain in linear order. Instead, it is complex and sophisticated, and is therefore better described through the tactics and techniques of MITRE ATT&CK for ICS. The features of the RATING-OT tool include OT-specific attack strategies (linked to MITRE ATT&CK techniques), as well as specific attack phases of the Cyber Kill Chain. Moreover, adopting the Purdue model for ICS security makes it possible to distinguish the OT assets targeted by a specific attack strategy. By scanning specific machines via SNMP, the system can also automatically discover existing vulnerabilities that could be exploited by some attack strategies.