44 lines
1.7 KiB
Markdown
44 lines
1.7 KiB
Markdown
---
|
|
name: evolv-ot-it-security
|
|
description: Perform OT/IT security analysis for EVOLV Node-RED automation systems. Use when reviewing admin endpoints, node input handling, configuration exposure, dependency risk, network/data flow boundaries, and secure-by-default behavior for operational technology integrations.
|
|
---
|
|
|
|
# EVOLV OT/IT Security
|
|
|
|
## Mission
|
|
Identify and reduce security risk while preserving operational reliability for process automation workloads.
|
|
|
|
## Scope
|
|
- Node-RED admin endpoints in node entry files
|
|
- Input validation across `msg.topic` and payload paths
|
|
- Exposure of sensitive config/secrets in code, logs, or UI
|
|
- Dependency and supply-chain concerns in node packages
|
|
|
|
## Security Workflow
|
|
1. Enumerate attack surface:
|
|
- HTTP admin routes
|
|
- message ingress topics/payloads
|
|
- external service interfaces
|
|
2. Validate input sanitization and type checks.
|
|
3. Check least-privilege assumptions and secret handling.
|
|
4. Evaluate failure modes for denial-of-service or unsafe operation.
|
|
5. Recommend pragmatic controls with minimal operational friction.
|
|
|
|
## Control Priorities
|
|
- Reject malformed or unauthorized control messages.
|
|
- Avoid leaking credentials, asset identifiers, or internal topology.
|
|
- Keep defaults safe; require explicit opt-in for risky behavior.
|
|
- Preserve auditability of critical control actions.
|
|
|
|
## Validation Expectations
|
|
- Add negative tests for malformed inputs and unauthorized paths.
|
|
- Confirm error paths are explicit and non-sensitive.
|
|
- Document residual risk when controls are deferred.
|
|
|
|
## Deliverables
|
|
Return:
|
|
- findings sorted by severity
|
|
- concrete remediation plan by file
|
|
- tests added for security regressions
|
|
- residual risks and compensating controls
|