SCADA/OT Penetration Test

Industrial networks (OT – Operational Technology) and control systems (SCADA – Supervisory Control and Data Acquisition, ICS – Industrial Control Systems) require a specific approach when assessing their cyber security.

High availability and reliability requirements significantly limit the ability to deploy security patches and updates. In addition, standardised industrial protocols are often used; these typically evolve slowly and their security features may not meet current cyber security expectations. For this reason, it is also essential to assess how well the OT network is separated from its surrounding environment.

Benefits

OT/ICS/SCADA testing is always prepared based on a detailed consultation with the customer. The goal is to design scenarios that reflect the risks the system operator is most concerned about.

In many cases, no dedicated test environment is available. Testing is therefore carried out in close cooperation with the customer to minimise any potential impact on live operations. More invasive testing techniques are usually avoided.

Due to the specific nature of OT environments, identified weaknesses often cannot be remediated quickly. Even so, understanding these weaknesses is crucial for proper risk evaluation and for planning future development and security improvements.

Control and supervisory systems may also be classified as part of a state’s critical infrastructure. For this reason, they should be regularly assessed through penetration testing.

Testing Process

Testing is usually performed directly at the customer’s site, under their supervision and with their support.

The scope of testing can be adjusted to meet specific requirements. Tests may include, for example:

  • separation of the SCADA/OT network from external environments (such as the customer’s office network or the internet),

  • segmentation and internal connections within the OT network,

  • data transfer paths between the OT network and external systems,

  • assessment of options for physically connecting devices to the OT network,

  • assessment of the security of standard computers used to operate the SCADA system (both servers and client workstations),

  • assessment of the SCADA client as a desktop (or web-based) application, including the associated server-side backend,

  • analysis of communication at the OT protocol level, such as IEC 101 (IEC 60870-5-101), IEC 104 (IEC 60870-5-104), DNP3, Modbus, Profibus, BACnet, and others.

Other Types of Tests

In addition to the tests described above, we also offer a wide range of other penetration testing services – see Penetration Testing – Overview. Some of these can also be relevant for specific SCADA/OT deployments.

Final Report

The results of the penetration test are documented in a final report, which contains details of the testing process, a description and classification of all the vulnerabilities found, and recommendations for mitigating the risks. We deliver the report securely in MS Word and PDF formats. The results can also be presented in a management presentation or a technical workshop.

Any questions?

If you are interested in more details, please contact us.

Tel: +420-226-523-026