atharva789/ot-shield
OT Shield

The Physics Engine for Industrial Cybersecurity


Cyberattacks on industrial systems don't steal data. They destroy equipment, contaminate water supplies, and shut down power grids. Every OT security platform on the market monitors network traffic — but none of them can answer the question that matters:

"Will this command damage a $2M pump, and if so, how fast?"

OT Shield answers that question in under 50 milliseconds.






The Problem

The OT/ICS cybersecurity market is $18 billion today and growing to $35 billion by 2029. Billions of dollars flow into platforms that monitor network packets — and every single one of them has the same blind spot:

They see the command. They don't understand the physics.

When an attacker sends `SET pump_speed = 4200 RPM` to a centrifugal pump rated at 3,550 RPM:

| Platform | Response |
|---|---|
| Claroty | "Anomalous Modbus write detected" |
| Nozomi Networks | "Unusual traffic pattern flagged" |
| Dragos | "Suspicious OT command observed" |
| OT Shield | "CRITICAL: Bearing failure in < 5 minutes. API 610 Section 6.12.1 violation. Flowserve Mark 3 duplex angular contact bearings (7312B) will experience oil film breakdown at sustained overspeed. BLOCK THIS COMMAND." |

That is the difference between a log entry and saving a $2M piece of equipment.


Demo

Real-Time Dashboard — Command Evaluation & Threat Detection

[Video: Dashboard Demo]

OT Shield evaluating live OT commands against equipment physics limits. Watch as a multi-device attack unfolds: individually normal commands combine to create a deadly pump deadhead condition — detected and blocked in real-time.


Attack Scenario — Cross-Device Physics Detection

[Video: Attack Detection Demo]

Full attack kill chain: attacker compromises an engineering workstation, pivots to a PLC, and orchestrates a coordinated valve-closing + pump-ramping attack. Each command looks normal in isolation. OT Shield's cross-device physics engine catches the lethal combination and blocks the attack before equipment damage occurs.


Video files: assets/videos/

Generated programmatically from real equipment specifications — the same data OT Shield uses in production.


How It Works

```mermaid
%%{init: {'theme': 'dark', 'themeVariables': {'fontSize': '18px', 'fontFamily': 'monospace'}}}%%
flowchart TD
    IN(["OT Command\nModbus · OPC UA"]):::input

    subgraph ENGINE["  OT Shield Engine  "]
        direction TD
        EL["Equipment Library\nAPI 610 · NEMA MG1 · ASME BPVC · TEMA · ISA 75.01"]:::det
        ML["ML Envelopes\nSWaT dataset · Gaussian/KDE · CUSUM drift"]:::det
        CV["CVE Pipeline\nCPE → ECLASS → Attack → Simulation"]:::det
        PE(["Physics Evaluation\nSpec limits · Cross-device detection · Time-to-damage"]):::eval
        AG["Agentic Investigation\nThreat Intel · Physics Sim · Equipment Expert (RAG + LanceDB)"]:::ai
    end

    OUT(["Risk Assessment\n< 50ms total"]):::output

    IN --> EL & ML & CV
    EL & ML & CV --> PE
    PE -- "deterministic · < 10ms" --> OUT
    PE -- "ambiguous / novel" --> AG
    AG --> OUT

    classDef input  fill:#0d2a2a,stroke:#32c8b4,stroke-width:2px,color:#f5f5f7
    classDef det    fill:#0d0d12,stroke:#32c8b430,color:#86868b
    classDef eval   fill:#0d1a2a,stroke:#4e9cf8,stroke-width:2px,color:#f5f5f7
    classDef ai     fill:#130d1f,stroke:#8857e5,color:#86868b
    classDef output fill:#2a0d0d,stroke:#f85049,stroke-width:2px,color:#f5f5f7
```

Key design principle: Deterministic first, AI fallback. The physics engine runs without any LLM dependency: pure spec-based evaluation at < 10ms. AI agents activate only for ambiguous cases, novel attacks, or when operators need natural-language investigation reports. The block/allow decision never waits on LLM availability, so the AI layer is not a single point of failure for the critical path.
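The deterministic path described above, as an added illustration written for this page (not OT Shield's engine, API, or equipment library): a spec-limit check on a pump speed command, the cross-device deadhead rule from the attack scenario (discharge valve closed, then pump ramped), and an ESCALATE outcome for commands the rules cannot settle, which is where the agentic layer would take over. The tags P-101/XV-101, the speed limits, the 10% minimum-flow opening and the learned envelope band are assumed placeholder values, not manufacturer or standards data, and no time-to-damage figure is computed.

```python
"""Toy deterministic evaluator in the spirit of 'deterministic first':
spec-limit check, cross-device pump-deadhead rule, and an ESCALATE outcome for
commands the rules cannot settle. All equipment numbers below are assumed
placeholders for illustration, not manufacturer or standards data."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class PumpSpec:
    tag: str
    discharge_valve: str               # valve tag on this pump's discharge line
    rated_rpm: float                   # assumed nameplate speed
    max_rpm: float                     # assumed maximum continuous speed
    min_flow_valve_pct: float          # assumed minimum discharge opening for safe flow
    envelope_rpm: Tuple[float, float]  # assumed learned normal-operating band


@dataclass(frozen=True)
class Command:
    tag: str
    point: str                         # "speed_rpm" for pumps, "position_pct" for valves
    value: float


@dataclass(frozen=True)
class Verdict:
    action: str                        # "ALLOW", "BLOCK" or "ESCALATE"
    severity: str
    reason: str


@dataclass
class PlantState:
    pump_rpm: Dict[str, float] = field(default_factory=dict)
    valve_pct: Dict[str, float] = field(default_factory=dict)


# Constructed equipment library: one pump and the valve on its discharge line.
PUMPS: Dict[str, PumpSpec] = {
    "P-101": PumpSpec("P-101", "XV-101", 3550.0, 3700.0, 10.0, (1500.0, 3550.0)),
}
VALVES: Set[str] = {"XV-101"}


def evaluate(cmd: Command, state: PlantState,
             pumps: Dict[str, PumpSpec], valves: Set[str]) -> Verdict:
    if cmd.tag in pumps and cmd.point == "speed_rpm":
        p = pumps[cmd.tag]
        # 1. Single-device spec limit: hard block, no AI involved.
        if cmd.value > p.max_rpm:
            return Verdict("BLOCK", "CRITICAL",
                           f"{cmd.value:.0f} RPM exceeds max continuous {p.max_rpm:.0f} RPM on {p.tag}")
        # 2. Cross-device: running into a closed discharge valve is a deadhead.
        v = state.valve_pct.get(p.discharge_valve)
        if v is None:
            # Unknown state escalates; it must never default to "open".
            return Verdict("ESCALATE", "WARNING",
                           f"position of {p.discharge_valve} unknown; cannot rule out deadhead")
        if cmd.value > 0 and v < p.min_flow_valve_pct:
            return Verdict("BLOCK", "CRITICAL",
                           f"deadhead: {p.tag} to {cmd.value:.0f} RPM while {p.discharge_valve} is {v:.0f}% open")
        # 3. Inside spec but outside the learned envelope: hand to investigation.
        lo, hi = p.envelope_rpm
        if cmd.value != 0 and not lo <= cmd.value <= hi:
            return Verdict("ESCALATE", "WARNING",
                           f"{cmd.value:.0f} RPM is within spec but outside envelope {lo:.0f}-{hi:.0f} RPM")
        return Verdict("ALLOW", "INFO", "within spec and envelope")

    if cmd.tag in valves and cmd.point == "position_pct":
        # Cross-device, other direction: closing the discharge of a running pump.
        for p in pumps.values():
            if (p.discharge_valve == cmd.tag and cmd.value < p.min_flow_valve_pct
                    and state.pump_rpm.get(p.tag, 0.0) > 0):
                return Verdict("BLOCK", "CRITICAL",
                               f"deadhead: closing {cmd.tag} to {cmd.value:.0f}% while {p.tag} runs")
        return Verdict("ALLOW", "INFO", "within spec")

    # No equipment model: the deterministic engine cannot decide, so escalate
    # rather than silently allowing.
    return Verdict("ESCALATE", "UNKNOWN", f"no equipment model for {cmd.tag}/{cmd.point}")


def replay(cmds: List[Command], state: PlantState,
           pumps: Dict[str, PumpSpec], valves: Set[str]) -> List[Verdict]:
    """Evaluate a command sequence, applying only the commands that pass, so
    later commands are judged against the state the earlier ones created."""
    out: List[Verdict] = []
    for c in cmds:
        verdict = evaluate(c, state, pumps, valves)
        out.append(verdict)
        if verdict.action == "ALLOW":
            if c.point == "speed_rpm":
                state.pump_rpm[c.tag] = c.value
            elif c.point == "position_pct":
                state.valve_pct[c.tag] = c.value
    return out


# Constructed attack: close the discharge valve while the pump is stopped
# (harmless alone), then start the pump at a perfectly ordinary speed.
ATTACK = [Command("XV-101", "position_pct", 0.0), Command("P-101", "speed_rpm", 3000.0)]

if __name__ == "__main__":
    start = PlantState(pump_rpm={"P-101": 0.0}, valve_pct={"XV-101": 100.0})
    for c, v in zip(ATTACK, replay(ATTACK, start, PUMPS, VALVES)):
        print(f"{c.tag} {c.point}={c.value:g}: {v.action} [{v.severity}] {v.reason}")
```

The pump start at 3,000 RPM passes the single-device check on its own; it is blocked only because the evaluator consults the valve position written by the earlier, individually harmless command. Two caveats a deployment would need to keep: an unknown valve position escalates rather than allows, so a missing tag in the state cache cannot become a silent pass, and the replay only applies commands the evaluator allowed, so blocked commands never pollute the state used for later decisions.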


What Makes OT Shield Different

| Capability | OT Shield | Everyone Else |
|---|---|---|
| Real equipment specs | API 610, NEMA MG1, ASME BPVC, TEMA; actual manufacturer datasheets | Heuristics and statistical baselines |
| Cross-device physics | Detects pump deadhead, thermal shock, VFD overflux; attacks invisible to single-device monitors | Single-device anomaly detection |
| Time-to-damage | "Bearing failure in < 5 minutes" | "Alert: anomaly detected" |
| CVE-to-physics mapping | Maps CVEs to specific equipment damage scenarios | CVE severity scores (no equipment context) |
| Standards-native data | ECLASS, OPC UA, NAMUR NE 107, IEC 62443, ISO 14224 | Proprietary schemas |
| Deterministic + AI | Works without an LLM, works better with one | Either rules-only or AI-only |

Market

$18B global OT/ICS cybersecurity market (2024) growing to $35B by 2029 (CAGR ~14%)

Go-to-market: OEM API for existing OT security vendors. Not a competitor to Claroty, Nozomi, or Dragos — the physics layer they don't have. Per-evaluation pricing, 80%+ gross margins.

Target customers: OT security platform vendors who need physics-aware command evaluation to differentiate against increasingly commoditized network monitoring.


Repository Structure

```text
sentry/
├── ot-shield/              # Core product
│   ├── equipment/          #   Equipment model library (5 types, 2 manufacturers)
│   ├── engine/             #   Physics evaluation engine + cross-device detection
│   ├── learning/           #   ML-learned operating envelopes (SWaT dataset)
│   ├── agent/              #   Multi-agent LLM investigation (LangGraph)
│   ├── cve/                #   CVE processing & hybrid retrieval (LanceDB)
│   ├── api/                #   FastAPI REST interface
│   ├── tests/              #   60+ test scenarios, TDD methodology
│   └── specs/              #   5-phase implementation specifications
├── investor/               # Investment materials
│   ├── one_pager.md        #   Investor one-pager
│   ├── source_of_truth.md  #   Full investor brief
│   └── technical_writeup_for_resume.md
├── assets/                 # Demo videos & generation scripts
│   └── videos/             #   MP4 product demonstrations
└── docs/                   # Architecture documentation
```

See the full product README for technical deep-dive, code examples, and architecture details.


Quick Start

```bash
cd ot-shield

# Install
pip install -e ".[all]"

# Run tests (60+ scenarios)
pytest tests/ -v

# Start API server
uvicorn api.server:app --reload
```


OT security platforms see the network. OT Shield understands the physics.

Because when a $2M pump is about to fail, "anomaly detected" isn't good enough.


Product README · Investment Materials · Demo Videos
