
Industrial remote control environments: now networked, and more vulnerable.

SCADA Penetration Test & Vulnerability Assessment

What is it about?
Once isolated, industrial control environments, i.e. OT (Operational Technology) systems, are now increasingly networked to allow better management and to benefit from digital transformation. As a consequence, they are also more exposed to the security problems typical of IT systems.

The use of TCP/IP-based protocols and of common operating systems and software amplifies this evolution: think of the impact that malware such as WannaCry has had in this area.

CryptoNet Labs’ professionals have gained extensive experience in Vulnerability Assessment and Penetration Testing of ICS/SCADA systems, using both active analysis techniques, which interact directly with the targets, and passive ones, which are based on the observation of network traffic.

The proposed tests cover all functional levels of an ICS/SCADA system: physical access, network, DMZ, control room, industrial protocols used and field devices (RTU / PLC). The analysis is carried out by agreeing with the customer on the locations, hosts and equipment involved, as well as times and methods.

Active checks are carried out if a test environment is available or if downtime can be planned to avoid disruptions.
Alternatively, passive or semi-passive checks are possible. These are less intrusive but also less comprehensive, and rely on the observation of network traffic, controlled interaction with the devices, or the review of their configurations.

Who can benefit from it
Companies that manage critical infrastructures, industrial remote control systems or process networks (i.e. those that operate in the ICS/SCADA area) and that want to verify their own level of security and ensure compliance with best practices and sector regulations (e.g. NIST 800-53 and 800-82, but above all the NIS Directive – EU 2016/114 – implemented by the Italian Government with Legislative Decree no. 65 of 18/5/2018).