protecting your industrial control systems
The impact of an Industrial Control System (ICS) breach goes beyond data loss, it can result in huge financial manufacturing losses and, in the case of critical infrastructure, could potentially impact lives.
Many systems do not undergo regular security updates and it’s common for a system to run for years without patching. This makes them extremely vulnerable to attacks that may have been patched decades ago.
Our ICS testing can help overcome the many issues associated with testing industrial systems and we are committed to providing an outstanding service that is tailored to your individual requirements.
the benefits of ICS/SCADA testing
what we test
Our testing is tailored to your requirements and can cover the following areas of an ICS/SCADA system.
The following provides an example of the tests we may perform, note this is not an exhaustive list as many of the checks will depend on the specific system under review:
- Network architecture: network seperation between control and node networks, network protocol vulnerabilties, identification of network access points, traffic capture, interception/modifcation of Command and Control, denial of service
- Node service: Weak authentication/authorisation, Sandbox issues
- RTU/PLC/IED firmware: removal and overwriting, password/crypto key capture, hardening
- System tests: Control server, IO Server, HMI, Data Historian, Engineering workstations
Every ICS test goes through a rigorous process, ensuring you get the best possible outcome for your organisation. Below we outline the key stages our testing goes through:
We work with you and your subject matter experts to evaluate the precise requirements of the test and the risks involved.
2. proposal & prerequisites
A proposal will be drawn up outlining the planned scope of work and the preparation needed to start testing.
Our consultants are given access to the target system, using their expertise to evaluate it from a security standpoint. This is usually executed on site and can be performed on either test/UAT or live environments.
4. ongoing communication
We communicate with you throughout the test, to your set requirements. Our consultants will also gain explicit authorisation before they conduct any action which may impact the system.
A comprehensive, quality assured report of test findings will be delivered.
6. post-test support
Our consultants will be available to offer guidance on any aspect of the report, as well as remediation efforts.
You have the option to retest, ensuring reported vulnerabilities have been addressed.
why choose us
Our ICS tests are designed to support your organisation’s overall information security efforts. It’s this support that truly sets us apart and our team is dedicated to reducing your cyber threat, to pass on our wealth of expertise and to provide you with the security assurances you need.
Want to find out more about our ICS/SCADA penetration testing services? Our team are on hand to provide you with the information and support you need. Please fill out the below form and a member of of our team will be in touch shortly.