I am taking three classes in OT/ICS Cybersecurity. They are discussing (to a degree) MQTT. So here’s my question. Does anyone have a decent source of information that explains it in a clear but not overwhelmingly technical way? Thanks!
I use it a lot at work - MQTT is a protocol standard - that's basically publish/subscribe, with clients coming and going, and a "broker" that acts as a traffic cop to route the published "topics" to the interested subscribers. - There are lots of other details Last-Will&Testament (LWT), QOS, Persistence (Retain), encryption, TLS, ACLs, etc. beyond Pub/Sub as noted above, but brokers, clients, topics, and payloads are the basics
But I find the HiveMQ Series (they make a commercial broker) of docs, an easy read and it goes deeper the more you read (if you don't like videos per the above).
If you want to play, the main "free" broker is Mosquitto, and main client to poke/prod topics is MQTT Explorer - Both are free to download, and take limited effort/resources to setup.
It's really a lightweight transport (that can be reliable with certain QOS settings), and it SCALES very well (to millions of topics) - and it allows loose coupling between publishers and subscribers (publishers just publish topics, they don't even know if there are any interested subscribers) - The downside is the key dependencies on the broker, and if you're doing "real work", then you need HA, clusters, etc to not allow the broker to be a Single Point of Failure. - The other weakness (IMHO) is the payload format is not defined, so while topics are in a tree - The various clients need to agree on the format of the payload, and very few industry players agree on that. - So you end up doing different parsers to get fields out of the payload (See SparkPlug-B if you want real details).
I do OT Cybersecurity for a living at a F500 manufacturing company, and have my CISSP and SANS certs, have done S4 a bunch of times, etc. - So let me know if you have additional questions "from the trenches" versus just classroom material.
Hopefully, the Hive docs and the video above are enough to get you started.
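An added example, not from the thread or from any broker project: a small in-process Python model of the broker behaviour described above (pub/sub routing over a topic tree with the `+`/`#` wildcards, retained messages handed to late subscribers, and a per-client publish ACL). The client ids, topics and ACL entries are made up.

```python
# Toy model of an MQTT broker's core routing logic (illustration only; a real
# deployment would use a broker such as Mosquitto). Models three things:
#  - topic-filter matching: '+' matches one level, '#' matches the remainder
#  - retained messages: a new subscriber immediately receives the last retained
#    message on each matching topic; an empty retained payload clears it
#  - publish ACL: a client may only publish under its allowed topic prefixes
from collections import defaultdict


def topic_matches(filter_: str, topic: str) -> bool:
    """MQTT topic-filter matching as in the spec, including the rule that
    wildcards in the first level do not match '$'-prefixed system topics."""
    f_levels, t_levels = filter_.split("/"), topic.split("/")
    if topic.startswith("$") and f_levels[0] in ("+", "#"):
        return False
    for i, f in enumerate(f_levels):
        if f == "#":                      # multi-level wildcard must be last
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


class ToyBroker:
    def __init__(self, acl):
        self.acl = acl                    # client_id -> allowed publish prefixes
        self.subs = defaultdict(list)     # client_id -> [topic filter, ...]
        self.retained = {}                # topic -> last retained payload
        self.inbox = defaultdict(list)    # client_id -> [(topic, payload), ...]

    def subscribe(self, client, filter_):
        self.subs[client].append(filter_)
        # Retained messages are delivered right away to a new matching subscriber.
        for topic, payload in self.retained.items():
            if topic_matches(filter_, topic):
                self.inbox[client].append((topic, payload))

    def publish(self, client, topic, payload, retain=False):
        """Route one message; returns False if the ACL refuses the publish."""
        if not any(topic.startswith(p) for p in self.acl.get(client, ())):
            return False                  # a real broker would also log this
        if retain:
            if payload:
                self.retained[topic] = payload
            else:
                self.retained.pop(topic, None)   # empty retained payload clears it
        for sub, filters in self.subs.items():
            if any(topic_matches(f, topic) for f in filters):
                self.inbox[sub].append((topic, payload))
        return True
```

Payload contents are deliberately opaque strings here, which is exactly the "format is not defined" point made above: the broker routes bytes and the clients must agree on what they mean.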
I would actually love to follow up with you on the side on the OT thing. I'm working on transitioning into Cybersecurity from Railroad operations. The OT/ICS program I just started is a new program through a local college, and is focused on OT/ICS specifically.
In general, I have my CompTIA Sec+ and will be taking the ISC2 CC exam next week. I'm still trying to find my direction and getting what education and training I can, but would love to connect with those deeper into the weeds than I am currently.
FYI - I sent you a DM to discuss OT security topics offline from the HE forums.