Industrial Control System (ICS / SCADA) Penetration Testing

Providing the cybersecurity assurances you need when it comes to your critical Industrial Control Systems

Why do Industrial Control Systems need testing?

The impact of an Industrial Control System breach goes beyond data loss, it can result in huge financial manufacturing losses and, in the case of critical infrastructure, could potentially impact lives.

Many industrial systems do not undergo regular security updates and it’s common for a system to run for years without patching. This makes them extremely vulnerable to attacks that may have been patched decades ago.

Our ICS testing can help overcome the many issues associated with testing industrial systems and we are committed to providing an outstanding service that is tailored to your individual requirements.

Our ICS testing

What we review

ICS/SCADA testing takes place onsite and we have experience performing tests on live production systems, as well as test environments.

Our testing is tailored to your requirements and can cover the following areas of an ICS/SCADA system:


RTU/PLC/IED Firmware

Node service

Application security


System tests

Not sure what you need?

Our team will be happy to discuss your individual requirements and provide a no obligation proposal based on your needs.

Our approach

The security confidence we provide doesn’t come from a one size fits all solution.

Every ICS/SCADA penetration test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages our testing goes through:

1. Client Focused Scoping

We work closely with you to fully understand the environment under investigation and your exact requirements before putting forward a bespoke test proposal.

2. Expert Manual Testing

Our manual testing is designed to challenge your security. That's why we only hire the very best information security consultants & all consultants are directly employed by us.

3. Tailored Reporting

Reporting isn't just a piece of paper, it's an ongoing process. We tailor our reporting to you, whether you need in-test notifications, ticket integration or a bespoke test report.

4. Post-Test Support

Our job doesn't finish on the delivery of a report. We make our consultants available after your test to provide clarification on findings & pass on their wealth of expertise.

5. Fix Check & Documentation

A fix check can be employed to ensure issues found have been successfully remediated & additional documentation can be supplied for assurance purposes

6. Ongoing Partnership

We see ourselves as trusted advisors and welcome clients contacting us outside of testing, providing honest advice on security issues wherever we can.

Like the sound of our approach?

You can find out more about our test process and why it sets us apart.

Contact us

Want to find out more about our ICS/SCADA penetration testing services? Our team are on hand to provide you with the information you need. Please fill out the form below and one of our team will be in touch shortly.