WHAT IS ICS | SCADA SECURITY ASSESSMENT?
Industrial Control Systems (ICSs) and Supervisory Control & Data Accusation (SCADA) Systems are the backbone of all major infrastructures of every city in the world. Protecting these systems and preventing security breaches has become a priority for all governments. A simple breach can shut down a power girds, disturb traffic control system, cause major aviation disasters and contaminate the water supply.
ndustrial Control Systems (ICSs) were originally built as stand-alone systems that were not interconnected and had little in the way of security protections. The internet and ubiquitous internet protocol networks have changed the design of many ICS such that the control network is now often a protected extension of the corporate network. This means that these delicate ICSs are potentially reachable from the Internet by malicious and skilled adversaries.
Common threat agents for these ICS systems are:
- Cyber Criminals / Terrorist
- Malicious Insiders
- Spyware/malware authors
- Industrial/State sponsored threat actors
BENEFITS OF ICS | SCADA SECURITY TESTING
SCADA systems are increasingly becoming a target for focused attackers. In order to ensure that SCADA based systems are secured from external threats, self assessment and external independent testing should be preformed bi-annually.
- Detect the cybersecurity risks being posed to your ICS systems so as to quantify the threats and provide adequate security expenditure.
- Lessen your organization’s cybersecurity expenses and provide a better return on security investment by detecting and resolving vulnerabilities and weaknesses.
- Prevent false-sense of security and learn the real state of security for your ICS systems
- Provide your organization with assurance – a comprehensive assessment of organizational security covering policy, procedure, design and implementation.
- Implement best practices by conforming to legal and industry regulations.
IT SEC’s Industrial Control System security consultants will conduct detailed security assessment of your mission critical SCADA systems to determine how vulnerable your ICS are against external and internal attacks against all security breaches.
IT SEC ICS Security testing is conducted in compliance with ICS-CERT, DoE (Department of Energy), DHS (Department of Homeland Security) and ENISA guidelines for ICS systems, NIST, NESA, SIA and DGISR.
Stages of ICS | SCADA Security Assessment
ASSESSMENT PLAN DEVELOPMENT
A detailed plan that specifies a schedule and budget, targets and goals, etc.
TESTING ENVIRONMENT CONFIGURATION
Start with becoming very familiar with any relevant company policies and procedures.
Gather threat intelligence, conduct threat modeling exercise and determine major vulnerabilities
ACTION PLAN REPORTING
Detailed reporting of associated steps and findings. Document ICS environment remediation recommendations