SCADA Penetration Testing

March 04, 2016 • Blog
Share this article

SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system used to monitor and control industrial and infrastructure processes, as well as critical machinery.

Traditional security testing targets corporate networks, systems, and software which reside to provide services to corporate networks and users. SCADA systems have been relatively excluded from security testing.

SCADA systems are increasingly becoming a target for focused attackers – with some highly publicised successful intrusions resulting in malicious attackers obtaining administrative access to core systems.

To ensure your SCADA based systems are secured from external threats, self-assessment and external independent testing should be performed bi-annually.

Tesserent has performed many assessments on SCADA networks and has in-depth experience in assisting clients integrating security controls into their SCADA environment. Client references are available upon request.

Why perform SCADA testing?

    • SCADA systems are often outdated legacy systems and full of holes.
    • Companies today are connecting SCADA network segments to the Internet.
    • There is a tendency not to patch SCADA systems for fear of breaking something. This can leave gaps in your digital defence which attackers can easily exploit.

What you gain from this testing

    • A comprehensive understanding of the risks of your SCADA systems.
    • Assurance that your SCADA systems can hold up against a motivated attacker.
    • A comprehensive report outlining the security issues of your SCADA systems, including high impact recommendations and root causes.
    • Peace of mind that the SCADA systems are secure.

How Tesserent Tests

Tesserent customises its testing to your environment and requirements. We have developed a proven methodology to test SCADA systems which can include:

    • Foot printing systems and enumerating SCADA software in use.
    • Port Scanning
    • Identifying weak access controls.
    • Network Equipment Security Controls Testing
    • Administrator Privileges Escalation Testing
    • Password Strength Testing
    • Network segregation.
    • Exploitation research.
    • Brute Force attacks.
    • Denial of service checks.
    • Misconfiguration attacks.
    • Manual Vulnerability Testing and Verification
    • Manual Configuration Weakness Testing and Verification

We have assisted many organisations increase the security of their SCADA systems, particularly in mission critical processes. If you would like expert advice about securing your SCADA systems, please contact us for details.

Contact us

Speak with a Tesserent
Security Specialist

Tesserent is a full-service cybersecurity and secure cloud services provider, partnering with clients from all industries and all levels of government. Let’s talk.

Let's Talk
Tess head 10 min