These systems were not expected to be available from
the public Internet, but
rather would be isolated (Air Gap). The physical isolation of ICS/SCADA systems does not mean that an
attacker cannot penetrate this network.
Depending on the nature of the system, a security incident may have fatal consequences, such as life
threats, sabotage, financial loss, and production outage.
In the past, there were notorious attacks on power grids in Ukraine and STUXNET in Iran.
The purpose of the penetration test is to identify security vulnerabilities and misconfigurations in
ICS/SCADA systems to prevent real
hacker attacks. The penetration test results in a report and customer consultation. The report does not
contain any "false-positive"
findings, but only verified vulnerabilities and recommendations on how to remove them.
The penetration test can be performed using the BLACK BOX (no information about the tested
infrastructure), GRAY BOX
(partial information about the tested infrastructure) or WHITE BOX (full information about the tested
including configuration files of devices / settings) method.
The cost of the penetration test depends on the depth of the tests, and the size and complexity of the
The price is determined after customer consultation, which determines the scope, type of test, and other
requirements from the customer.
ICS/SCADA systems may partly be tested using the same methodologies as with the other provided services
(infrastructure and web penetration
test, VA, IoT, WiFi, reverse engineering, etc.), but there are some important differences.
If the testing has side-effects (change of data, unavailability), then these effects are more serious and
have more impact than in a typical corporate network, especially when tested in a production environment.
ICS/SCADA testing requires more understanding of how the infrastructure works, precise planning, active
collaboration, and a team of people
with ICS/SCADA experience. It is therefore ideal to test in a backup/test environment that is identical
to the production environment,
or when the production environment is offline - for maintenance purposes.
- Conversation with the customer and determination of the test scope
- Test plan (Threat modeling) - identification of possible vulnerabilities in the infrastructure (potential attack
vectors are identified in collaboration with the customer)
- Test evaluation, report
- Presentation of results to the customer
Our ICS/SCADA infrastructure penetration tests usually include:
- Application test
- Infrastructure test
- Wireless network test
- Physical security assessment
- Social engineering
- Code and configuration check
- General safety assessment
Binary House recognizes the importance of expertise in ICS/SCADA testing. Therefore, we cooperate with
a major South Korean company that has years of
experience and expertise in industrial systems testing.
Other references are available on request.