ICS/SCADA
testing

protecting your critical industrial control systems

The impact of an Industrial Control System (ICS) breach goes beyond data loss, it can result in huge financial manufacturing losses and, in the case of critical infrastructure, could potentially impact lives.

Many industrial systems do not undergo regular security updates and it’s common for a system to run for years without patching. This makes them extremely vulnerable to attacks that may have been patched decades ago.  

Our ICS testing can help overcome the many issues associated with testing industrial systems and we are committed to providing an outstanding service that is tailored to your individual requirements.

What we review during ICS testing

Our testing is tailored to your requirements and can cover the following areas of an ICS/SCADA system:

Firmware

Encryption

Hardware

Network

The following provides an example of the tests we may perform, please note this is not an exhaustive list and many of the checks will depend on the specific system under review:

Network architecture: network seperation between control and node networks, network protocol vulnerabilties, identification of network access points, traffic capture, interception/modifcation of Command and Control, denial of service.

RTU/PLC/IED firmware: removal and overwriting, password/crypto key capture, hardening.

System tests: Control server, IO Server, HMI, Data Historian, Engineering workstations.

How is our testing delivered?

ICS/SCADA testing takes place onsite and we have experience performing tests on live production systems, as well as test environments. Every test is bespoke and our delivery method will tailored to the needs/requirements and the specific systems under review.

Our approach to ICS/SCADA testing

Every ICS/SCADA test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages:

1. Scoping

We work with you and your subject matter experts to gain a comprehensive knowledge of the system under review, evaluate the precise requirements of the test and understand any risks involved.

2. Proposal & prerequisites

A bespoke proposal of work will be drawn up based on your requirements, our experience and our consultant’s expertise. This proposal will outline our recommended test approach and provide details of the number of days we feel are needed to investigate the target system thoroughly.

We will work with you to ensure this proposal meets your exact requirements and once authorised; we will outline any necessary prerequisites that are needed to ensure testing starts on time.

3. Testing

Testing will commence on the agreed date and our consultants will communicate with you throughout the test, to your set requirements.

All our testing is conducted manually and our consultants will gain explicit authorisation before they conduct any action which may impact the system.

4. Reporting

A comprehensive, quality assured report of our findings will be delivered within 5 days of the test finishing. Our reports can be tailored to your needs, providing both a technical and managerial overview of findings, as well as our detailed remediation advice.

5. Post-test support

Our job doesn’t finish on the delivery of the report, your test consultant will be available after the test to explain any aspect of the report, as well as provide remediation support to internal teams and/or external suppliers.

6. Retest

You have the option to retest, ensuring reported vulnerabilities have been addressed.

7. Evidence of testing

Many of our clients need to supply evidence of testing for security assurance purposes. We can supply documentation which will provide these assurances to internal and/or external stakeholders.

Why choose Pentest

We act as a trusted adviser, not just a test provider. So, whether it’s your first test or you’ve conducted hundreds, our team are dedicated to making the process as seamless as possible, to pass on their wealth of expertise and to provide you with the information security support you need.

Penetration test experts since 2001

Dedicated account management

Comprehensive, quality assured reporting

Unrivalled post-test support

Optional retest of issues

Contact us

Want to find out more about our ICS/SCADA testing? Our team are on hand to provide you with the information and support you need. Please fill out the form below and one of our team will be in touch shortly.

Our latest research

Our Labs page is the place to discover our latest research, advisories, tool releases and challenges.

Looking to improve your security? Our insights are a great place to start