ICS / SCADA penetration testing
Providing the security assurances you need when it comes to your critical Industrial Control Systems (ICS)
Why does your ICS need testing?
The impact of an Industrial Control System breach goes beyond data loss, it can result in huge financial manufacturing losses and, in the case of critical infrastructure, could potentially impact lives.
Many industrial systems do not undergo regular security updates and it’s common for a system to run for years without patching. This makes them extremely vulnerable to attacks that may have been patched decades ago.
Our ICS testing can help overcome the many issues associated with testing industrial systems and we are committed to providing an outstanding service that is tailored to your individual requirements.
Find out more about Pentest
Find out more about Pentest, the support we offer and
the reasons clients choose us.
What we review
ICS/SCADA testing takes place onsite and we have experience performing tests on live production systems, as well as test environments. Our testing is tailored to your requirements and can cover the following areas of an ICS/SCADA system:
Hardware
RTU/PLC/IED Firmware
Node service
Application security
Encryption
System tests
Our ICS testing process
Every ICS/SCADA penetration test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages our testing goes through:
1. Scoping
Your dedicated account manager (AM) will work with you to understand your business, the system under review & the desired outcomes. The AM will then work with the assigned Pentest consultants & your stakeholders to identify risks & ensure our testing meets your needs.
2. Proposal
A bespoke proposal of work will be drawn up based on your requirements, our experience and our consultant’s expertize. This proposal will outline our recommended test approach, the prerequisites needed & the time required to investigate the target.
3. Testing
Testing will commence on the agreed date and our consultants will communicate with you throughout the test, to your set requirements. All testing is conducted manually and our consultants will look to identify as many issues as possible in the time allotted.
4. Reporting
A comprehensive, quality assured report of our findings will be delivered following the test. Our reports can be tailored to your needs, providing both a technical and managerial overview of findings, as well as our detailed remediation advice.
5. Post-test support
Our job doesn’t finish on the delivery of a report, your test consultant will be available after the test to explain any aspect of the report, as well as provide remediation support to internal teams and/or external suppliers.
6. Evidence of testing
Many of our clients need to supply evidence of testing for security assurance purposes. We can supply additional documentation which will provide these assurances to your internal and/or external stakeholders.
Why choose Pentest?
Our test process isn’t the only reason clients choose to work with us. Find out more about Pentest, our ethos and the support we offer our clients.
Contact us
Want to find out more about our ICS/SCADA penetration testing service? Our team are on hand to provide you with the information you need. Please fill out the form below and one of our team will be in touch shortly.
