Industrial Control Systems, specifically the older installations, are often deployed as isolated installations, with no access to the external networks including internet. Most of their security controls revolve around physical security. Today, these ICS networks are getting connected indirectly and true network isolation is becoming uncommon. Initiatives like Digital Transformation leads the business case towards ICS systems integration with business networks. Also, some malware can use extream tactics to connect the air-gaped networks to the internet.
Attackers controlling an ICS environment can not only destruct the data, bu also disrupt the production, physical damage and risk the lives of people.
ValueMentor offers tailored services to analyze and understand your industrial processes and operational technologies from field-level equipment to central management systems.
ValueMentor ICS Security Approach
- ICS Security Governance & Strategy
- ICS Security Maturity Assessment
- Site Security Assessment
- ICS Standards Gap Assessment
- ICS Architecture Assessment & Design
- ICS Security Controls Design & Implementation
- ICS Security Solution Implementation
- ICS / SCADA System configuration management
- ICS Standards Compliance
- ICS Penetration Testing & Attack Simulation
- ICS Vulnerability & Configuration Assessment
- ICS Security Monitoring and Intrusion Detection
Respond & Recover
- ICS Incident Response Plans
- ICS Breach Assessments and Threat Hunting
- Disaster Recovery and Contingency Planning
- ICS Breach Response service
SCADA / ICS Security Services
ICS Cyber Security Framework
Our team presents the scope of penetration testing to be carried out to the clients. Such as details regarding the machines, system, and network to be used, the operational requirements are assessed.
ICS / SCADA Risk Assessment
We gather information’s regarding various media used, analyze all those hosts, network and/or application belongs to the entity’s environment so that with the help of those detail the testing could be conducted.
ICS / SCADA Gap Analysis
ICS / SCADA Penetration Testing
Our team conducts certain processes like scanning the network with various scanning tools, identification of open share drives, open FTP portals, services that are running, and much more for the detection of vulnerabilities.
ICS Security Services
The vulnerabilities which are identified are further exploited in this process. Here the process is done manually using commercial tools and custom scripts and powershell
ICS Incident Response
The engagement results in delivering a detailed report of the assessment. This includes an Executive Summary for the management, A Detailed report on each of the findings with their risk ratings and remediation recommendations.
To know more about our ICS Security Services
ICS Security Testing
Our ICS / SCADA Security testing involves a step-by-step approach. The approach follows the CREST ICS Testing methilody and meets the NIST guidelines
Define & Agree the Scope
- Define business purpose of engagement
- Agree ICS business process model
- Confirm specific systems, devices and infrastructure in scope
- Confirm composition of testing team
ICS Risk Assessment
- Gather threat intelligence
- Conduct threat modelling exercise
- Determine major vulnerabilities
- Assess risks and prioritise
- Agree risk-based approach to testing
Identify ICS Assets
- Conduct ICS device discovery exercise
- Determine network topology
- Gather and review ICS network and device configuration information
- Agree ICS technical infrastructure mode
Develop Test Plan
- Create test scenarios mapped to the threat models
- Determine offline and online tests
- Create and agree progressive test schedule
ICS Penetration Testing
- Perform ICS Penetration Testing
- Perform ICS Offline security tests
- Perform ICS online security tests
- Improve the test plan based on the ICS assets identified
ICS Security Test Report
- Analyse test results and condolidate findings
- Document ICS environment remediation recommendations
- Review findings with key stakeholders
Benefits of SCADA / ICS Security Testing
A Penetration test is useful only if the penetration tester provides you with an actionable report which is easy to understand and explains each risk in detail.
- Reduces the exposed attack surface associated with known vulnerabilities. Patches are frequently released in response to publicly identified vulnerabilities.
- Eliminates the readily exploitable code associated with unnecessary services on control system servers and workstations
- Reduces or eliminates the vulnerabilities ranging from default accounts to weak passwords that provide opportunities for an intruder to enter the system.
- Eliminates directory traversal attacks and other common vulnerabilities.
- Industrial safety.
Would you like to speak to a Security Analyst?
Penetration testing is a simulated attack; that helps to identify the type of resources exposed to the outer world, the network security risk...
With cyberattacks becoming the norm, Penetration Testing has become a mandatory security engagement for every business. There are hundreds of...
When it comes to assessing your cyber security strategies, you must think from the perspective of a hacker. That is what exactly penetration testing...