SCADA or Process Control Networks based systems have moved from closed networks to open source solutions and TCP/IP enabled networks steadily over recent years which made them vulnerable to the same security vulnerabilities that face our traditional computer networks.
Why pen-testing of SCADA Networks Systems is essential?
Security issues of SCADA system are rapidly expanding, with new challenges for operators. Which results badly in security concerns is due to increased awareness of these systems, changes in systems and its configurations, creating new - and in some instances - increased vulnerabilities.
SCADA systems becomes a target of focused attackers. To make systems secured from external threats, self assessment and external independent testing should be preformed.
Valency Networks has worked with industry leaders in this subject matter, and performed numerous assessments on SCADA networks. We do possess in-depth experience in assisting clients to integrate security controls into their SCADA based process control environments. Valency Networks believes that penetration testing of a mission critical process controlled plant is an art whereby the uptime of plant while testing needs to be ensured.
How we do it??
Valency Networks perform Penetration Testing for SCADA follows documented security testing methodologies which can include:
Exploit Research (for Historians)
Manual Vulnerability Testing and Verification
Manual Configuration Weakness Testing and Verification (For RTO units)
Administrator Privileges Escalation Testing
Password Strength Testing (For SCADA OS)
Network Equipment Security Controls Testing (For networks connected to process control automation network)